Educause Security Discussion mailing list archives

Re: PCI DSS - VDI (vmware) SAQ-C-VT question


From: Rich Graves <rgraves () CARLETON EDU>
Date: Tue, 7 May 2013 14:46:54 -0500

The complete lists of PCI validated end-to-end encryption applications and solutions are here:

https://www.pcisecuritystandards.org/approved_companies_providers/validated_p2pe_solutions.php 
https://www.pcisecuritystandards.org/approved_companies_providers/validated_p2pe_applications.php 

There are 13 QSAs in the world that may certify a P2PE application as PA-DSS compliant. That list is at 
https://www.pcisecuritystandards.org/approved_companies_providers/p2pe_companies.php 

Since the Square reader is not PA-DSS validated, it is technically up to you to perform architecture and code reviews, 
physical penetration tests, etc. Or, you could observe who Square's primary investors are, and accept the risk. (Things 
might get interesting if you use Square and have a breach of AMEX or MasterCard data, though.) 
