Security Basics mailing list archives
Re: PCI DSS
From: evilwon12 () yahoo com
Date: 23 Aug 2007 15:08:04 -0000
PCI DSS is vague on certain things (at best). However, you did not state what level of a Merchant you are, which adds or subtracts plenty of things that you must do. My guess is that you are referring to Section 11. Note that for most of the time, you are only required to have quarterly scans - which is what you are probably being quoted on. Only once a year does a pen test need to be done (unless there are major changes) and even then I think it depends on your level. Even then, are you hosting the application and data or outsourcing it? If you are outsourcing everything, you may not ever need to have a pen test done. So, what is it that you are really asking?