Dailydave mailing list archives
Re: PCI-DSS and ssh public key question
From: Lee Brotherston <lee () nerds org uk>
Date: Tue, 10 Jun 2008 09:00:52 +0100
On Mon, Jun 09, 2008 at 04:27:14PM -0400, Paul Wouters wrote:
Does anyone have a definitive answer on whether ssh public key encryption, without hardware tokens, is allowed according to PCI-DSS?
Unfortunately the PCI-DSS standard is generally fluffy enough that there is no definitive answer to much of it. I would say the best course of action is to ask your QSA when they are doing your gap analysis. After all, it's their opinion that counts, at least from the perspective of getting the accreditation anyway. Thanks Lee -- Lee Brotherston - <lee () nerds org uk> _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- PCI-DSS and ssh public key question Paul Wouters (Jun 09)
- Re: PCI-DSS and ssh public key question Raymond Forbes (Jun 10)
- Re: PCI-DSS and ssh public key question Trygve Aasheim (Jun 10)
- Re: PCI-DSS and ssh public key question Lee Brotherston (Jun 10)
- Re: PCI-DSS and ssh public key question B.K. DeLong (Jun 10)
- Re: PCI-DSS and ssh public key question Paul Melson (Jun 10)