Security Basics mailing list archives
PCI Compliance
From: "Josh Haft" <pacmansyu () gmail com>
Date: Wed, 9 Jan 2008 17:35:31 -0600
Hello all, need some opinions on PCI compliance. The company I work for is trying to become PCI compliant by June 30... we have a long way to go. According to requirement 8.3 of the PCI DSS, two-factor authentication is required for remote access. I've been evaluating Aladdin's eToken product and have been impressed, especially considering the cost. My question is whether anyone has had experience with this product in general or as it relates to PCI compliance. The execs are concerned because they seem to be a smaller company (perhaps not as reputable), but mostly because RSA is the only two-factor auth solution they've heard of, so are hesitant to adopt an alternative solution. Thoughts, comments or concerns on this approach to complying with that section of the PCI DSS would be appreciated. Josh
Current thread:
- PCI Compliance Josh Haft (Jan 10)
- Re: PCI Compliance Nick Owen (Jan 14)
- RE: PCI Compliance JD Brown (Jan 14)
- Re: PCI Compliance Stephen Thornber (Jan 14)
- RE: PCI Compliance Petter Bruland (Jan 16)
- Re: PCI Compliance Josh Haft (Jan 16)
- Re: PCI Compliance Stephen Thornber (Jan 14)
- Re: PCI Compliance Kartik (Jan 14)
- <Possible follow-ups>
- Re: PCI Compliance Sheldon Malm (Jan 14)
- Re: PCI Compliance Jay (Jan 16)
- RE: PCI Compliance Petter Bruland (Jan 16)
- RE: PCI Compliance Michael Benedetto (Jan 17)
- RE: PCI Compliance Petter Bruland (Jan 16)