Educause Security Discussion mailing list archives
Re: PCI v2.0 Requirement 8.3
From: "Taylor, James R" <JimTaylor () MISSOURISTATE EDU>
Date: Tue, 18 Jan 2011 14:22:13 -0600
Sorry about the erroneous post... _______________________ Jim Taylor Information Security Officer (ISO) Missouri State University 417-836-5226 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -----Original Message----- From: Taylor, James R Sent: Tuesday, January 18, 2011 2:21 PM To: 'The EDUCAUSE Security Constituent Group Listserv' Subject: RE: PCI v2.0 Requirement 8.3 Charla: I think we need to address this issue, too. Would the Comodo certs through InCommon be OK? _______________________ Jim Taylor Information Security Officer (ISO) Missouri State University 417-836-5226 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Blake Penn Sent: Tuesday, January 18, 2011 2:10 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] PCI v2.0 Requirement 8.3 Dan, I see most clients (both inside and outside of Higher Ed) using either RSA SecurID tokens or personal certificates for 2-factor. Also, the use of remote access management tools like Bomgar is certainly on the uptick. Blake Penn CISSP, MCSE, MCSD, MCDBA, QSA Senior Security Consultant Trustwave bpenn () trustwave com +1 678-685-1277 http://www.trustwave.com DISCLAIMER: The views represented in this message reflect the opinions of the author alone and do not neccessarily reflect the opinions of Trustwave. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Daniel Bennett Sent: Monday, January 17, 2011 3:31 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] PCI v2.0 Requirement 8.3 We are currently working on PCI v2.0 compliance and we hit requirement 8.3. We are very interested in how other institutions have solved this requirement. Please respond on or off list. Below is the requirement: 8.3 Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties. (For example, remote authentication and dialin service (RADIUS) with tokens; terminal access controller access control system (TACACS) with tokens; or other technologies that facilitate two-factor authentication.) Thanks, Dan
Attachment:
smime.p7s
Description:
Current thread:
- PCI v2.0 Requirement 8.3 Daniel Bennett (Jan 17)
- Re: PCI v2.0 Requirement 8.3 Flynn, Gary - flynngn (Jan 17)
- Re: PCI v2.0 Requirement 8.3 Blake Penn (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Taylor, James R (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Taylor, James R (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Marcum, Chad A (Jan 19)
- Re: PCI v2.0 Requirement 8.3 Blake Penn (Jan 20)
- Re: PCI v2.0 Requirement 8.3 Mike Leach (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Joe Marshall (Jan 18)