Questions tagged [pci-scope]

98 questions

What are the differences between DIACAP and RMF?

I am currently certifying systems (products) under DIACAP (DoD Information Assurance Certification and Accreditation Process). In the future we will need to use RMF (Risk Management Framework). What are the key differences between these two…

SSL terminates on webserver instead of load balancer. PCI compliance question

We have a website that processes credit card data and uses a load balancer in front of our two web servers. The SSL connection terminates on the web servers and not on the load balancer. Is the load balancer in scope for PCI?
welladj

Is a web site in scope for PCI even though it redirects to a 3rd party for the card transaction?

Even though the web site never sees the cardholder data or sensitive authentication data in the clear, and never has access to the encryption keys, I would think the web site is in-scope because it could affect the security of the data. If the web…
knokej
1 answer

PCI Compliance relating to 'other' passwords

I see PCI compliance related only to password security, as far as storage and transmission goes, for user names and email accounts. How does this relate to passwords for programs that run on a PCI compliant machine? For instance: Someone…
Anthony Miller
1 answer

If I only receive and store the BIN part of a credit card number, do I need to comply with any PCI (or other) specification?

I have a fraud detection system. From the client side (browser) I want to receive and store the BIN section of the card number (first 6 digits) and, if possible, also the last 4 digits. Besides the above, I do not process or store the credit card number (or…

Is a PCI scan required for LAN outer firewall with no open ports?

I have recently been trying to get my company's IP addresses scanned with Comodo HackerGuardian. My website needed some adjustments to SSL, but after they were made it passed the scan. As we also have a machine accessing a Virtual Terminal at our…

Account Security Cardholder data

OK, so we do not store any cardholder data, so I get confused by these questions. "Is all access to any database containing cardholder data (including access by applications, administrators, and all other users) restricted as follows:" 8.7(a) Is all…