Educause Security Discussion mailing list archives
PCI network compliance consultants
From: Jeff Giacobbe <giacobbej () MAIL MONTCLAIR EDU>
Date: Fri, 9 Sep 2011 15:23:36 -0400
Colleagues- I'm wondering if anyone has had experience or could recommend a vendor/consulting firm that provides expertise on (re)designing our campus infrastructure to be "PCI compliant". I put that in quotes because the exact scope and definition of PCI compliance as it relates to the underlying network architecture is a bit of a gray area, to put it mildly. With the more recent revisions to the PCI DSS security standards there has been an increased focus on the network architecture itself, i.e. step 1 of the '12 steps' of compliance that deal primarily with ensuring proper business practices and user actions. Rather than a traditional audit of existing applications and university data handling policies, I'm really looking for more technical network design advice as it relates to supporting PCI compliant applications and devices. In other words, a consulting firm that can address all of the details involved in PCI-DSS step #1 "Build and maintain a secure network" so that our definition of a 'secure network' aligns with the Payment Card Industry's definition. Thanks, Jeff Giacobbe Assistant Vice President Enterprise Technology Services Montclair State University
Current thread:
- PCI network compliance consultants Jeff Giacobbe (Sep 09)