Dealing with auditors (was Re: We hit half-million: The Cidr Report)
Bill - anything that puts another routable network alongside of the card
processing info is in scope. The real issue is that the PCI-SSC decided
to formally create a policy to hold the auditors harmless in their
actions and that is about to change.
Todd
On 5/1/2014 8:52 AM, William Herrin wrote:
> On Thu, May 1, 2014 at 6:29 AM, Alain Hebert <ahebert at pubnix.net> wrote:
>> Bill & Telnet...
>>
>> I hope that QSA didn't let you keep that telnet facing any
>> public interface without any protection.
> Hi Alain,
>
> The point I made, successfully, was that it was outside the firewall
> hence out of scope for the audit. What I do in a different security
> domain from the one which handles the credit card transactions is none
> of their business.
>
> Regards,
> Bill Herrin
>
--
-------------
Personal Email - Disclaimers Apply