Dailydave mailing list archives

Re: PCI-DSS and ssh public key question

From: Lee Brotherston <lee () nerds org uk>
Date: Tue, 10 Jun 2008 09:00:52 +0100

On Mon, Jun 09, 2008 at 04:27:14PM -0400, Paul Wouters wrote:

Does anyone have a definitive answer on whether ssh public key encryption,
without hardware tokens, is allowed according to PCI-DSS?


Unfortunately the PCI-DSS standard is generally fluffy enough that
there is no definitive answer to much of it.  I would say the best
course of action is to ask your QSA when they are doing your gap
analysis.  After all, it's their opinion that counts, at least from
the perspective of getting the accreditation anyway.

Thanks

  Lee

-- 
Lee Brotherston - <lee () nerds org uk>
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

PCI-DSS and ssh public key question Paul Wouters (Jun 09)
- Re: PCI-DSS and ssh public key question Raymond Forbes (Jun 10)
- Re: PCI-DSS and ssh public key question Trygve Aasheim (Jun 10)
- Re: PCI-DSS and ssh public key question Lee Brotherston (Jun 10)
  - Re: PCI-DSS and ssh public key question B.K. DeLong (Jun 10)
- Re: PCI-DSS and ssh public key question Paul Melson (Jun 10)