[ic] PCI Compliance
DB
DB at M-and-D.com
Fri Jun 11 14:00:28 UTC 2010
> Has anybody had to take any special technical or other steps (outside of
> firewall, and other basic sys-admin tasks) in order to ensure a "PCI
> Compliant" Interchange?
>
> Thanks
> Rick
>
The compliance vendor I used had a semi-automated system which performed
scans on my servers then reported any issues it found. Once I corrected
all of the issues then compliance was granted.
I use Centos and many of these "issues" were caused by the version
numbering scheme that Centos (and Redhat) uses for their packages. It
appeared that I was running outdated versions of SSL and other packages.
Once I explained this to the compliance vendor then these issues were
cleared.
There were a few actual changes I had to make such as edits to my apache
config, but I do not believe that I had to make any changes to IC itself.
DB
More information about the interchange-users
mailing list