[ic] PCI Compliance
DB at M-and-D.com
Fri Jun 11 14:00:28 UTC 2010
> Has anybody had to take any special technical or other steps (outside of
> firewall, and other basic sys-admin tasks) in order to ensure a "PCI
> Compliant" Interchange?
The compliance vendor I used had a semi-automated system which performed
scans on my servers then reported any issues it found. Once I corrected
all of the issues then compliance was granted.
I use Centos and many of these "issues" were caused by the version
numbering scheme that Centos (and Redhat) uses for their packages. It
appeared that I was running outdated versions of SSL and other packages.
Once I explained this to the compliance vendor then these issues were
There were a few actual changes I had to make such as edits to my apache
config, but I do not believe that I had to make any changes to IC itself.
More information about the interchange-users