PaulDotCom mailing list archives

Tracking PCI compliance


From: rgula at tenablesecurity.com (Ron Gula)
Date: Thu, 11 Jun 2009 10:55:48 -0400

On 6/11/2009 9:49 AM, Chris Teodorski wrote:
> Hey all,
>
> I'm wondering if anyone has come up with a creative way to track PCI
> compliance across multiple applications in an organization.  I'm
> currently using a spreadsheet but it's getting rather cumbersome.
>
> Just wondering if someone smarter than me had come up with a cool
> tracking mechanism.  Ideally, I'd like to come up with something web
> based, so our management can jump on and look at something with pretty
> colors.

It depends on what you are tracking and how often you want it updated.
PCI compliance means many things and there are many ways to audit and
monitor these requirements. If you want to see a video on how we do this
for vulns, configs and logs, check out this link:

http://cgi.tenablesecurity.com/demos/pci2/pci2.htm

When you design reports for managers, you need to keep in mind what you
are showing them and what their reaction will be when things "turn red".

Ron Gula
Tenable Network Security


