The most recent content from our members.
We are using the SEM for our PCI DSS. The auditor requires us to show/provide evidence that our SEM has the normal Windows/server security (see below). To be PCI compliant, organizations must follow these password requirements: * Passwords/passphrases must have a minimum length of seven characters. *…
Current agent deployments are failing Qualys PCI scans due to the availability of the TLS 1.0 protocol, which is not allowed as of the end of June 2018. Disabling TLS 1.0 in the registry of the server has no effect on the scan results. Unless TLS 1.0 is disabled or the option is made to disable it, the PCI audit will fail.…
You seem to have a strict "no public timelines" policy which, while very unhelpful to begin with, is becoming a big problem for us with the TLSv1.2 issue and our need to comply with PCI. Can you tell me if you will have support for TLSv1.2 completed prior to June 30th of this year per PCI requirements? If this is not…
Like traditional kung fu, in Security Kung Fu, there are two schools of thought. On one side, there are those guided by the industry’s best practices for IT security. On the other side, there are those who use regulatory frameworks like PCI DSS, HIPAA, SOX, and more as the guiding principles for their IT security strategy.…
I am having difficulty finding information on what alerts need to be given from LEM to satisfy our auditors. I am aware of what needs to be monitored and have my LEM set up for monitoring. It is the alerting I am having issues with. What alerts need to be given, specifically? I know any monitored file change, or read or…
When it comes to the technical aspects of PCI DSS, HIPAA, SOX, and other regulatory frameworks, the goals are often the same: to protect the privacy and security of sensitive data. But the motivators for businesses to comply with these regulatory schemes vary greatly. Penalties for Noncompliance Regulatory Compliance…
Compliance, as it applies to IT departments, involves following rules and regulations that are meant to protect sensitive data of all types. It can govern everything from IT decision-making and purchasing, to configurations, and the policies and procedures a company must create and enforce to uphold this important task.…
PCI DSS 3.1 expires October 31st this year. But don't panic. If you don't have a migration plan for 3.2 yet, you have until Feb 1, 2018 before the requirements become mandatory. For most merchants, the changes are not onerous. If you are a service provider, however, there are more substantial changes, some of which are…