Educause Security Discussion mailing list archives
Re: PCI DSS Review - 40 Hours?
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 24 Apr 2012 18:43:35 -0400
On Tue, 24 Apr 2012 21:28:56 -0000, Michael Johnson said:
Only a certified entity (QSA) can render expert opinion on satisfying the ROC.
On the other hand, I think any IT professional who's been involved in a PCI DSS review is probably qualified to give non-expert opinion of the form "We sank 160 hours into it just to get started, and there's no way you're gonna do it in 40 unless you have a *really* limited scope in place". That, and I don't think anything said on this list would qualify as "expert opinion" in the legal sense, since everybody who posts an opinion here is doing so without knowing all the details of the original poster's situation.