Collaborate Disseminate
We placed a jump server in CDE to restrict the direct access to PCI in-scope devices (although I believe it should be outside CDE, please confirm)
Now, we have opened SQL ports 1433 and application ports from the jump server to the prod ho… Continue reading Ports open on jump server in CDE
Does an Issuing bank require PCI AOC report?
AOC templates are only available for Merchants and Service providers.
Continue reading PCI – AOC applicable for Issuer bank? [closed]
Would I be breaching compliance if I process data that is extracted from a PCI DSS compliant environment for analysis?
There are 3 subnets:
Compliant subnet 1
Compliant subnet 2
Non-Compliant subnet 1
The PCI DSS data is on subnet 1 and … Continue reading PCI DSS data transfer to an out-of-scope network [closed]
My company is using virtual credit cards and since we are PCI compliant (and want to be in the future) I was wondering about the requirements of storing/processing and transmitting PAN numbers of virtual credit cards.
E.g. As part of the b… Continue reading Are virtual credit cards in scope for PCI Compliance?
I have a question related to this FAQ:
https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/How-does-encrypted-cardholder-data-impact-PCI-DSS-scope?q=how+does+encrypted+data+impact+the+scope&l=en_US&fs=Search&… Continue reading PCI scope "Encrypted cardholder data that is accessible to an entity that also has access to the decryption key"
I deployed successfully Spring application into AWS Elastic Beanstalk which us going to be used as Rest endpoint by Angular app deployed into Cloudfront service. I want to encrypt the communication between Angular and Spring with SSL. What… Continue reading Configure Spring application deployed in AWS Elastic Beanstalk to use SSL
We have developed a mobile application that integrates with systems of record of our clients via a middleware application.
This application, amongst other things, can integrate with product systems and create a basket of goods.
Currently t… Continue reading What level of PCI compliance is required, and who is responsible for having it, where a white label app is involved?
So this approach seems to be rather popular, particularly among payment processors that provide javascript integrations.
The added layer of security that "fields in iframe" brings also supposedly reduces the level of PCI complian… Continue reading How does collecting sensitive data using iframes increase security?
Does current PCI code require SSH connections be restricted to enumerated (specific) client IP addresses on the unsecure, dirty side? Isn’t that outside the scope of the PCI code?
A former employer of mine has reached out to me to assist them with PCI certification (I guess I’ll be getting a 1099-NEC from them next year as a result). Here’s the point I’m at in the questionnaire:
File-integrity monitoring tools are … Continue reading file-integrity monitoring tools for PCI compliance