Educause Security Discussion mailing list archives
Re: PCI Compliance Policies
From: "Jones, Dan" <Dan.Jones () UMASSMED EDU>
Date: Thu, 19 Jul 2007 14:41:44 -0400
Here is the compliance timeline: By September 30, 2007 - Provide the name of the chosen Approved Scanning Vendor (ASV). By December 31, 2007 - Provide the signed Prohibited Data Retention Attestation Form and provide the first quarterly scan results. (NOTE: In order to avoid potential fines, the Attestation must confirm that there is NO evidence of prohibited data storage subsequent to transaction authorization). By March 31, 2008 - Provide the initial Self Assessment Questionnaire. By June 30, 2008 - Provide a passing Self Assessment Questionnaire and passing vulnerability scan results confirming that your organization is PCI compliant. An executive level officer of your organization must also sign the attached Confirmation of Report Accuracy and include it with the passing Self Assessment Questionnaire. -----Original Message----- From: Roger Safian [mailto:r-safian () NORTHWESTERN EDU] Sent: Thursday, July 19, 2007 1:20 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] PCI Compliance Policies At 12:14 PM 7/19/2007, Theresa M Rowe put fingers to keyboard and wrote:
Is ANYONE going to be compliant by the September deadline?? Did you
use a
consultant to get there?
What is the September deadline? I thought compliance was supposed to start on 1/1/06? FWIW, we're still working on compliance...it's pretty time consuming. -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 491-4058 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Re: PCI Compliance Policies, (continued)
- Re: PCI Compliance Policies Brewer, Alex D (Jul 19)
- Re: PCI Compliance Policies Penn, Blake (Jul 19)
- Re: PCI Compliance Policies Chuck Dunn (Jul 19)
- Re: PCI Compliance Policies Theresa M Rowe (Jul 19)
- Re: PCI Compliance Policies Roger Safian (Jul 19)
- Re: PCI Compliance Policies Theresa M Rowe (Jul 19)
- Re: PCI Compliance Policies Doug Markiewicz (Jul 19)
- Fw: PCI Compliance Policies Nick Fasano (Jul 19)
- Re: PCI Compliance Policies Penn, Blake (Jul 19)
- Re: PCI Compliance Policies Roger Safian (Jul 19)
- Re: PCI Compliance Policies Jones, Dan (Jul 19)
- Re: PCI Compliance Policies Brad Judy (Jul 19)
- Re: Fw: PCI Compliance Policies Brad Judy (Jul 19)
- Re: Fw: PCI Compliance Policies Roger Safian (Jul 19)
- Re: PCI Compliance Policies Curt Wilson (Jul 26)
- Re: PCI Compliance Policies Brad Judy (Jul 26)
- Re: PCI Compliance Policies Scott O. Bradner (Jul 31)
- Re: PCI Compliance Policies Scott O. Bradner (Jul 31)