Educause Security Discussion mailing list archives
PCI 2.0 Compliance Timeline
From: Dave Koontz <dkoontz () MBC EDU>
Date: Mon, 17 Jan 2011 19:34:39 -0500
All, we just renewed our PCI compliance survey in mid-December (only a few weeks ago). Now our bank's QSA is saying we must now go through PCI 2.0 survey. From various forum readings, I thought that new 2.0 was mostly a clarification of the existing surveys, and that re-certification to the 2.0 version was not required until the next renewal cycle.

The new SAQ C-VT is very interesting. The PCI Council finally addresses the Virtual Terminal services most banks sell, but limits the rules to single PC merchants from quarterly scans, and that is only if they use a notebook PC. Hard wired single PC merchants still require scans? What about a campus that uses NAT / DHCP with leases of mere hours? That would seem to satisfy the device moves to different IP addresses of SAQ C-VT, what should it matter if it's one or a hundred devices that can do this?

Can anyone shed some light one way or the other? Below are a couple of sites that raise questions in my mind:

http://treasuryinstitutepcidss.blogspot.com/2010/12/pci-open-mic-session.html
http://blog.403labs.com/post/2056608448/saq-c-eligibility-a-comparison-of-saq-c-v1-2-saq-c

Thanks in advance!