Firewall Wizards mailing list archives
Re: PCI DSS & Firewalls
From: Brian Loe <knobdy () gmail com>
Date: Mon, 6 Apr 2009 09:34:10 -0500
On Mon, Apr 6, 2009 at 7:37 AM, Mark <firewalladmin () bellsouth net> wrote:
Brian Loe wrote: " What I would VERY MUCH LIKE is a "checklist" like the first set of instructions I got for (well, it's late and I can't remember the acronym - and it's since been changed anyway - DoD crap)...." Oh let me guess! Is it the STIG? Security Technical Implementation Guide? Oh, and now we have the infamous "DISA Gold" which will hit you with a bunch of CAT 1&2 findings if the system is actually supposed to work. I've also noticed that between the STIGs, checklists (there are checklists in addition to the STIG and they are simply called Windows XP Security Checklist or Desktop Applications Security Checklist, etc.) and FDCC there are conflicting security measures, making it impossible to ever be "fully" compliant. I will cite a simple example that I recall from the top of my not-yet-balding head (paraphrased, not quoted):
I never made it through an audit with those criteria, so I don't know how it would go. But I like that the "standard" I'm supposed to adhere to is specific and comes with its own checklist. I can either do it or know that I need to write an exception. The example finding you quoted would have made for entertaining exceptions, no doubt. I'm currently going through my second internal/external SOX audit. I find them equally useless so far as real security goes, but you do have the benefit of the good cop/bad cop thing, where they can at least advise you on where you need to bring your game up.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards