Security Basics mailing list archives
RE: PCI, EFS and the future?
From: "Gressick, Michael" <mgressick () cybersource com>
Date: Tue, 6 Feb 2007 08:54:59 -0800
May I ask why you feel that EFS is the wrong solution? On the face, it seems to satisfy all the PCI data storage encryption requirements ....
Funny, Visa just hosted a PCI-DSS seminar at their offices in Foster City and this very issue came up... Section 3.4.1 of PCI-DSS 1.1 specifically states that "Decryption keys must not be tied to user accounts." The gentleman that was speaking, a Mr. Chris Mark said they were specifically talking about EFS but could not call it out by name.
Current thread:
- PCI, EFS and the future? Nick Vaernhoej (Feb 02)
- RE: PCI, EFS and the future? Roger A. Grimes (Feb 05)
- Re: PCI, EFS and the future? Saqib Ali (Feb 05)
- RE: PCI, EFS and the future? Nick Vaernhoej (Feb 05)
- RE: PCI, EFS and the future? Gressick, Michael (Feb 07)
- RE: PCI, EFS and the future? dave kleiman (Feb 05)
- Message not available
- RE: PCI, EFS and the future? Nick Vaernhoej (Feb 05)
- RE: PCI, EFS and the future? Dan Anderson (Feb 19)
- RE: PCI, EFS and the future? Nick Vaernhoej (Feb 05)
- <Possible follow-ups>
- Re: PCI, EFS and the future? Nick Vaernhoej (Feb 05)
- Re: PCI, EFS and the future? Craig Wright (Feb 06)
- Re: PCI, EFS and the future? Sean Waddell (Feb 06)
- Re: PCI, EFS and the future? Saqib Ali (Feb 07)
- CastleCops 5-Year Anniversary and Contest dave kleiman (Feb 08)
- Re: PCI, EFS and the future? Sean Waddell (Feb 06)
- RE: PCI, EFS and the future? Dan Anderson (Feb 19)