Questions tagged [compliance]

Aspects of compliance with regulations, standards, laws, and policies.

264 questions
0
votes
1 answer

Is it legal to post card data from an ecommerce checkout to a PCI compliant 'store'

Let's say I want to charge a user's credit card with their permission after a sale takes place. But, I don't want to have to ask them their credit card a second time. Is it legal to store the credit card information as they're filling it out on the…
Tallboy
  • 105
  • 4
0
votes
1 answer

GDPR data flow mapping and inventory

Can anybody share some tips on how to create a nice GDPR data flow mapping and inventory? Any sample diagrams? What diagram types are best to use here? Would you show a high-level diagram and sub-diagrams for each component set? How would you…
dev
  • 937
  • 1
  • 8
  • 23
0
votes
1 answer

What are security best practices and compliance areas in Agile Software Development process

How do you ensure, at a high level, that developed software is secure and compliant? We want to introduce a service checklist that will list each item, including a "Security and Compliance" section. It will have things/requirements like: No plain-text…
dev
  • 937
  • 1
  • 8
  • 23
0
votes
0 answers

Returning Social Security Number After Validation Checks on Web Based Form

I have a web-based application form that is used to gather personal information from web-based users. One of the fields is an SSN. My question is simple: in terms of security compliance (in general, OWASP, PCI, SOC2, etc.), is it okay to prefill the…
0
votes
1 answer

If one user sees the email of another user, is it DSGVO-conformant?

I want to give a logged-in user the ability to search for other users by their exact email. The search input is passed asynchronously by JavaScript, so the email would remain in server logs and so on. The connections are HTTPS only (cookie…
phpnoob
  • 1
  • 1
0
votes
0 answers

Is sFTP as a technology acceptable in FedRAMP compliant projects?

I seem to recall that there was some problem with using sFTP in some government environments, but now I need to know if it poses a risk on a FedRAMP-compliant project.
0
votes
0 answers

IBM warns to move data out of insecure encryption schemes, but where to?

I'm currently using GnuPG (RSA 4096), Encryption-based DLP, SSL, SSL-VPN, Password Manager and other apps considered insecure by the IBM research team, who favor Lattice encryption over the standard asymmetric method. What are the options of the…
0
votes
1 answer

Signing and timestamping implementation

I am writing software that records and stores data files. I want to digitally sign and timestamp these files so that I can assure that they are Contemporaneous and Attributable (to comply with 21 CFR Part 11 regulations and ALCOA C+ guidelines). This…
cinico
  • 93
  • 7
0
votes
1 answer

HIPAA non-business associate for contract work

I have been asked by the sole owner/employee of a blood testing business to make her a web site. This web site would simply be used to schedule appointments for her patients. For this reason information such as Name Phone number Address Email…
Element Zero
  • 115
  • 6
0
votes
1 answer

Are Aria2 downloads detectable by web servers?

A couple of months ago I signed up for a paid online course. Their terms of service indicate that these video lectures are for streamed viewing and are not to be downloaded. There's a 2-hour commute from my home to work and back. Recently I've been…
ml_nrd
  • 1
0
votes
0 answers

SQL RLS for NIST compliance

Is there specific NIST documentation advising about implementing MS SQL Row-Level security for 800-53 compliance?
Ayan Mullick
  • 101
  • 2
0
votes
1 answer

How to run FCS_TLSS tests for Common Criteria evaluation?

So we are working on making a product of one of our clients Common Criteria compliant. We are using tls-cc-tools for running FCS_TLSC tests, but we are unable to run FCS_TLSS_EXT.1.1 test 5. Please tell us how we can run those tests. Where we have to…
0
votes
1 answer

Good book on PCI DSS?

I need to upgrade my skills on PCI DSS compliance. I'm looking for a combination of two: one to cover everything in an extensive way (a sort of encyclopedia to keep as a reference) and a quick guide to keep with me at work. Any recommendations?
0
votes
1 answer

Requirements for PCI Compliant Sales Receipts

I work with a software development company, and we have a client that is asking us to change the coding in our software that allows the signer's name to print on the customer's receipt. They are citing that it is a PCI compliance issue; however, I…
Dave
  • 1
  • 1
0
votes
1 answer

PCI DSS or PCI Standard - Standards | Requirement | Implementation

I have done ISO 27001 implementation and auditing. I want to get a clear idea of the PCI DSS standard. What is PCI DSS (I know the abbreviation)? What are all the materials and sites to refer to? What are all the standard documents to refer to? What are the…