Bill - anything that puts another routable network alongside of the card processing info is in scope. The real; issue is that the PCI-SSC decided to formally create a policy to hold the auditors harmless in their actions and that is about to change.

Todd

On 5/1/2014 8:52 AM, William Herrin wrote:
On Thu, May 1, 2014 at 6:29 AM, Alain Hebert <aheb...@pubnix.net> wrote:
     Bill & Telnet...

         I hope that QSA didn't let you keep that telnet facing any
public interface without any protection.
Hi Alain,

The point I made, successfully, was that it was outside the firewall
hence out of scope for the audit. What I do in a different security
domain from the one which handles the credit card transactions is none
of their business.

Regards,
Bill Herrin


--
-------------

Personal Email - Disclaimers Apply

Reply via email to