Thursday, 13 March 2008

PCI and HackerSafe

It is stated that the "online "PCI Wizard" making PCI compliance more affordable and more reliable for merchants of all sizes. This service is only available through McAfee and includes expert step-by-step guidance allowing you to quickly meet all PCI requirements".

How do they configure a sites policies?
"The PCI standard requires you to maintain an Information Security Policy. Our example policy and implementation guidelines greatly simplify the overall compliance process."

Why bother with the truth. Section 12 requires that NOT ONLY is the polcy created, but that it is also put into effect. As a quote from a policy made using this service "12.9.5. Company X does not use IDS, but if it does recieve any such alerts it will act on them". Please explain to me how this is compliant with PCI-DSS?

How do they test wireless? How do they set encryption on a database?
Self assessment. The issue is that I am YET to see one that was completed correctly using such a service.

No comments: