Educause Security Discussion mailing list archives
Re: PCI DSS - VDI (vmware) SAQ-C-VT question
From: Rich Graves <rgraves () CARLETON EDU>
Date: Tue, 7 May 2013 14:46:54 -0500
The complete lists of PCI validated end-to-end encryption applications and solutions is here: https://www.pcisecuritystandards.org/approved_companies_providers/validated_p2pe_solutions.php https://www.pcisecuritystandards.org/approved_companies_providers/validated_p2pe_applications.php There are 13 QSAs in the world that may certify a P2PE application as PA-DSS compliant. That list is at https://www.pcisecuritystandards.org/approved_companies_providers/p2pe_companies.php Since the Square reader is not PA-DSS validated, it is technically up to you to perform architecture and code reviews, physical penetration tests, etc. Or, you could observe who Square's primary investors are, and accept the risk. (Things might get interesting if you use Square and have a breach of AMEX or MasterCard data, though.)
Current thread:
- PCI DSS - VDI (vmware) SAQ-C-VT question Oscar Knight (May 03)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Jessica Odom (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Mike Osterman (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Everett, Alex D (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question John Ladwig (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Rich Graves (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Jessica Odom (May 07)