<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Dailydave: Re: PCI-DSS and ssh public key question

Re: PCI-DSS and ssh public key question

From: Lee Brotherston <lee_at_nerds.org.uk>
Date: Tue, 10 Jun 2008 09:00:52 +0100

On Mon, Jun 09, 2008 at 04:27:14PM -0400, Paul Wouters wrote:
> Does anyone have a definitive answer on whether ssh public key encryption,
> without hardware tokens, is allowed according to PCI-DSS?

Unfortunately the PCI-DSS standard is generally fluffy enough that
there is no definitive answer to much of it. I would say the best
course of action is to ask your QSA when they are doing your gap
analysis. After all, it's their opinion that counts, at least from
the perspective of getting the accreditation anyway.

Thanks

Lee

-- 
Lee Brotherston - <lee_at_nerds.org.uk>
_______________________________________________
Dailydave mailing list
Dailydave_at_lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Received on Jun 10 2008

This message: [ Message body ]
Next message: Paul Melson: "Re: PCI-DSS and ssh public key question"
Previous message: Trygve Aasheim: "Re: PCI-DSS and ssh public key question"
In reply to: Paul Wouters: "PCI-DSS and ssh public key question"
Next in thread: B.K. DeLong: "Re: PCI-DSS and ssh public key question"
Reply: B.K. DeLong: "Re: PCI-DSS and ssh public key question"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos