PaulDotCom mailing list archives
Re: PCI Question
From: Jason Wood <tadaka () gmail com>
Date: Tue, 11 Jan 2011 18:44:02 -0700
It's not quite as easy as writing a check and doing an nmap scan. Applicant companies have to go through a number of checks to verify their background, insurance coverage, lack of conflict of interest and ability to perform vulnerability scans that meet PCI's requirements.

One part of the approval process is to perform a vulnerability scan (not just nmap) on a PCI system. The applicant needs to satisfactorily detect the vulnerabilities on the system and not have too many false positives. At least that is what I was told by a company that was trying to get approved.

The PCI website has a doc detailing the whole review process. I looked at it briefly today and it looked like a fair number of requirements. It probably would be a pain to go through the first time, but would be easier during reviews.

https://www.pcisecuritystandards.org/documents/asv_validation_requirements.pdf

Jason

On Jan 11, 2011, at 3:51 PM, Joel Gunderson <jdgunderson () gmail com> wrote:
So does this basically mean that I have to pay one of those companies to run nmap against my network from outside the firewall in order to make it count towards PCI requirements? Does this mean they've had any additional training, or did they just front the cash to get on the list?

On Tue, Jan 11, 2011 at 12:43 PM, John Strand <strandjs () gmail com> wrote:

To be on the PCI Approved Scanning Vendors, or not....

https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php

Love to get all of your thoughts on this.

John

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

--
Joel Gunderson
jdgunderson () gmail com

"Defaults are the guardian angels of the clueless."
Current thread:
- PCI Question John Strand (Jan 11)
- Re: PCI Question Ron Gula (Jan 11)
- Re: PCI Question Joel Gunderson (Jan 11)
- Re: PCI Question Mike Patterson (Jan 11)
- Re: PCI Question Jason Wood (Jan 11)
- Re: PCI Question Ralph Durkee (Jan 11)
- Re: PCI Question Jason Wood (Jan 11)