Questions tagged [pci-scope]

98 questions
1
vote
2 answers

Antivirus / Wireless PCI v2 Controls Scope

Do the Antivirus / Wireless controls within PCI v2 apply for the entire organisation, or just for the PCI scope?
lisa17
  • 1,958
  • 7
  • 21
  • 43
1
vote
0 answers

PCI Compliance customer data being made available to another system?

Not completely au fait with PCI compliance, however we have our server checked each month by our host to check it is PCI compliant, because we have to keep it PCI Compliant for a specific customer/service that we have running on it. We have another…
Mark
  • 111
  • 3
1
vote
1 answer

Are virtual credit cards in scope for PCI Compliance?

My company is using virtual credit cards and since we are PCI compliant (and want to be in the future) I was wondering about the requirements of storing/processing and transmitting PAN numbers of virtual credit cards. E.g. As part of the business…
elli
  • 329
  • 2
  • 10
1
vote
1 answer

file-integrity monitoring tools for PCI compliance

A former employer of mine has reached out to me to assist them with PCI certification (I guess I'll be getting a 1099-NEC from them next year as a result). Here's the point I'm at in the questionnaire: File-integrity monitoring tools are deployed…
neubert
  • 1,605
  • 3
  • 18
  • 36
1
vote
2 answers

Can biometric vectors (i.e. fingerprint vector) be considered as Sensitive Authentication Data (SAD) in PCI?

I am designing a system that uses a certain biometric vector as a secondary user identification step before authorizing a payment. My system does not handle payment card details, rather the payment card processor consumes my service to authenticate…
1
vote
1 answer

If only getting and storing BIN part of credit card number, should I comply with any PCI (or other) specification?

I have a fraud detection system. From the client side (browser) I want to receive and store the BIN section of the card number (first 6 digits) and, if possible, also the last 4 digits. Besides the above, I do not process or store credit card number (or…
1
vote
2 answers

Emailing PAN securely?

Has anyone successfully implemented a PCI approved method of emailing PAN data? I know there are concerns managing all the PCI requirements in an email solution but is there anyone that has actually satisfied all PCI 3.2 requirements and had this…
Tboe
  • 11
  • 1
1
vote
1 answer

PCI DSS Penetration Testing Requirement 11.3.4

I'm fairly new to PCI DSS and I'm confused over the requirement to perform pen-testing as per 11.3.4, as it states: Are penetration-testing procedures defined to test all segmentation methods, to confirm they are operational and effective, and…
li_greeny
  • 11
  • 2
1
vote
1 answer

PCI compliance for bank card system

There is a bank that has an internal system working with card data preparation, generating PANs, and finally preparing personalization files that are sent to a third-party card manufacturer. The bank can see in their internal system all PANs in clear text…
user1563721
  • 1,099
  • 11
  • 22
1
vote
1 answer

PCI-DSS: Sending antivirus logs from private infrastructure to public cloud?

We are planning to build an environment where all the Linux machines in private infrastructures will send their ClamAV log files to ELK stack hosted in a public cloud for log analysis. Is this PCI compliant?
karthik
  • 11
  • 1
1
vote
1 answer

PCI DSS: Is Mirror/Identical Server in Pentest or Scanning Scope

I am just wondering: if I have a mirror/identical server (high availability server) in my CDE segment, does that mirror server need to be in scanning scope? If it is not in the scope, in the scanning report do I need to have a special note or remark on that…
overshadow
  • 351
  • 3
  • 5
  • 17
1
vote
1 answer

What compliance does my mobile application need?

We are going to develop an application for a payment gateway which is already PCI DSS compliant. This application will be handling the payment through the API. My question is: does the application need to be PA-DSS, P2PE, or PCI-DSS?
Petr
  • 665
  • 6
  • 12
1
vote
1 answer

Does PCI-required WiFi testing apply to all company facilities?

The PCI-DSS requirements define scope in terms of the CDE and systems connected to it. The requirements that specifically deal with physical security (9.x) are phrased in terms of facilities that house CDE systems (and can reasonably be interpreted…
1
vote
2 answers

PA-DSS & DTMF application

If the payment application is not storing any credit card information, does it need to be PA-DSS? The application takes the credit card information using DTMF and passes it through via secure XML for payment processing. Thanks RB
user103064
  • 11
  • 1
0
votes
1 answer

PCI requirement 8.3 - 2FA for all network access originating outside the network

Requirement 8.3: Incorporate two-factor authentication for remote network access originating from outside the network by personnel (including users and administrators) and all third parties (including vendor access for support or…
PCIrs
  • 307
  • 1
  • 3
  • 12