Highest Voted 'pci-scope' Questions - IT Security Stack Exchange

3

votes

3 answers

Boundaries of Personally Identifiable Information - PCI-DSS

I am attempting to ascertain the boundaries of personally identifiable information. For example does the combination of John and Doe equate to personally identifiable information since there could be several thousand John Does? My understanding of…

pci-dss pci-scope information-gathering

asked Apr 12 '16 at 08:45

Motivated

1,493
1
14
25

3

votes

1 answer

PCI DSS compliant without private VLAN

I understand that it may be a best practice to hide in-PCI-scope-elements like databases inside a VLAN without a public address and also strict firewall rules. However, my questions is: can interconnected dedicated servers with public IP addresses…

pci-dss pci-scope

asked Jan 29 '16 at 09:52

BitLegacy01

75
3

3

votes

1 answer

Using a CDN to reduce PCI DSS scope

A common scenario for e-commerce credit card types of transactions is a website with a connection to a third party payment processor. For a number of reasons you might not want to use an iFrame or page redirect, but doing so opens up your PCI scope…

pci-dss pci-scope

asked Nov 14 '15 at 00:54

Richard

327
2
13

2

votes

1 answer

PCI DSS - network design - users connect to internet via proxy; should we place it at the last hop or before firewall?

We need to be PCI compliant. PCI user VLAN is connecting to Internet via proxy, but I need confirmation about the location of the proxy. PCI user traffic flow: PC ==> ASA FW ==> IPS (integrated firewall) ==> proxy ==> Internet. Is this correct? Can…

pci-dss pci-scope

asked Mar 16 '15 at 06:34

PCIrs

307
1
3
12

2

votes

1 answer

Code deployment in PCI CDE

The PCI DSS v3 standard states the following: Network Segmentation To be considered out of scope for PCI DSS, a system component must be properly isolated (segmented) from the CDE, such that even if the out-of-scope system component was compromised…

pci-dss source-code pci-scope

asked Oct 24 '14 at 16:20

SilverlightFox

33,408
6
67
178

2

votes

1 answer

Does PCI DSS 1.4 include tablets and smartphones?

1.4 install personal firewall software on any mobile and/or employee-owned computers with direct connectivity to the Internet (for example, laptops used by employees), which are used to access the organization’s network. If company employees have…

mobile pci-dss pci-scope

asked May 28 '14 at 14:50

Four_0h_Three

1,225
2
8
13

2

votes

1 answer

PCI scope for a Direct-Post e-commerce site (SAQ A-EP)

An e-commerce site uses the Direct-Post method (see page 14 PCI e-commerce security). Is the server for the e-commerce application and network it resides on in scope for PCI? There are questions in the SAQ A-EP for servers and networking that…

audit pci-scope e-commerce

asked Jan 05 '21 at 20:23

J. Lam

21
1

2

votes

1 answer

What is the difference between a server and an appliance for PCI purposes?

I administer a few hundred servers and am going through a yearly PCI audit. This time around we need to prove that we've got anti-virus protection on our "systems commonly affected by malicious software (particularly personal computers and…

linux pci-dss antivirus pci-scope

asked Apr 16 '20 at 21:42

Peter Turner

141
1
5

2

votes

1 answer

Is web site in-scope for PCI even though it redirects to a 3rd-party for card transaction?

Even though the web site never sees the cardholder data or sensitive authentication data in the clear, and never has access to the encryption keys, I would think the web site is in-scope because it could affect the security of the data. If the web…

pci-scope

asked May 14 '19 at 18:42

knokej

31
3

2

votes

4 answers

PCI Compliance question from a merchant

I'm a new business that conducts online auctions for estate sales. When searching for software to use, I had no idea about PCI Compliance. My merchant account told me it was easy. It would be if the developer of the software had created a hosted…

compliance pci-scope

asked Dec 19 '17 at 23:27

Kary

21
1

2

votes

3 answers

PCI - store card details offline

I work for a company that sends out mail/telephone order goods. Some customers have orders they receive every day, with different amounts. We have been asked a few times by various customers if we can store there card details, for processing later,…

pci-dss credit-card pci-scope

asked Dec 12 '17 at 09:36

crooksey

141
2

2

votes

1 answer

Credit card store first four and last four which PCI SAQ?

In our application, we only transfer cardholder data to a PCI DSS compliant service provider, and don't store it ourselves. We only store first four and last four digits of credit card number for future reference: 1234 **** **** 1234 We have a lot…

pci-dss credit-card pci-scope

asked Jul 11 '17 at 08:05

Hasan Can Saral

135
4

2

votes

1 answer

PCI Consideration for HTTP Headers?

Recently, some of our servers were being flagged for not implementing proper HTTP headers in a Qualys scan. One of the sites that I visit regularly - http://pentestit.com has some good HTTP headers implemented: HTTP/1.1 200 OK Date Mon, 26…

http pci-dss pci-scope header

asked Jun 26 '17 at 23:20

Metahuman

493
1
5
12

2

votes

0 answers

Compliance/ FCA regulations

First of all, please accept my apology for being ingnorant to compliance/FCA regulations as I have been digging out everywhere to get the answer of a very specific question: SCENARIO I am planning to start an online business (lets say…

pci-dss compliance pci-scope regulation financial

asked Mar 18 '17 at 18:24

9 Digit

21
1

2

votes

2 answers

Receiving encrypted Credit Card number - PCI

We are in situation where our application receives a payment confirmation from a third party service, which includes an encrypted credit card number too. Our application needs to store the response. Other than that, in any way we not using the…

pci-dss credit-card pci-scope

asked Dec 18 '16 at 00:08

kallada

131
3

Questions tagged [pci-scope]