
Dailydave mailing list archives
Re: PCI-DSS and ssh public key question
From: Trygve Aasheim <trygve () pogostick net>
Date: Tue, 10 Jun 2008 07:18:28 +0200
Paul Wouters wrote:
> It seems the answer might be depending on your auditor.....
>
> Paul
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave

That's the key really. The auditor wants two things:

- He/She doesn't want to be blamed for auditing someone who then had a breach
- He/She wants to help you to pass as well

So if you can show him/her that you are in control, using a slightly different approach than what is suggested - it will pass (most likely). The important thing is to show him/her that you see the red line throughout the requirements, and even though you've followed this - there are some areas that you've chosen another path (but for which you have documented well).

At least that's how it works over here in Europe, when we have audits on the different American standards (and now you guys are sending Sox over the lake as well....!)...

Good luck,
T