nanog mailing list archives
Re: Dealing with auditors (was Re: We hit half-million: The Cidr Report)
From: William Herrin <bill () herrin us>
Date: Wed, 30 Apr 2014 17:31:53 -0400
On Wed, Apr 30, 2014 at 5:23 PM, Larry Sheldon <LarrySheldon () cox net> wrote:
> On 4/30/2014 11:30 AM, Valdis.Kletnieks () vt edu wrote:
>> And in that discussion, we ascertained that what the PCI standard actually says, and what you need to do in order to get unclued boneheaded auditors to sign the piece of paper, are two very different things.
>
> I am no longer active on the battlefield but as of the last time I was, it can't be did. For years I managed various aspects of a UNIVAC 1100 operation and the audits thereof. EVERY TIME, we were dinged badly because we didn't look like an IBM shop (some may be surprised to learn that different hardware and different operating systems require very different operating procedures (and it appeared to us that some of the things they wanted us to do would weaken us badly, others just simply didn't make any sense, and we got dinged for things we DID do, because they were strange.
I won the argument with PCI auditors about leaving telnet alive on my exterior router (which at the time would have had to be replaced to support ssh). It's not a chore for the timid. You'd better be a heck of a guru before you challenge the auditors' expectations and you'd better be prepared for your boss' aggravation that the audit isn't done yet.

And I think we pretty well established that PCI auditors arrive expecting to see NAT.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004