Educause Security Discussion mailing list archives
PCI DSS Compliance: Secure Systems and Applications
From: "Jensen, Gaylen" <JENSENG () BYUI EDU>
Date: Fri, 12 Sep 2008 09:54:04 -0600
We are trying to become PCI DSS compliant. We have a small programming staff and are wondering how to comply with some of the programming requirements without hiring more employees. Specifically (referring to PCI DSS self-assessment questions): 1. Separate development, test, and production environments (6.3.2) 2. Separation of duties between development, test, and production environments (6.3.3) 3. Follow change control procedures that include documentation of impact (6.4.1) If you have dealt with these issues and could impart some advice, it would be appreciated! Gaylen Jensen Information Security Officer Brigham Young University-Idaho (208) 496-1081
Current thread:
- PCI DSS Compliance: Secure Systems and Applications Jensen, Gaylen (Sep 12)