Actually, the problem is the outside party that was hired to
run Nessus and then not removing false positives. (or in rare cases
they use a commercial product, but after using a few different companies
to do scans, in my experience they use Nessus as the commercial products
have licenses that are
Identify the systems and networks that store or transmit cardholder
information. Isolate those behind state firewalls.
Label everything else as public networks. Now only the isolated
network(s) and server(s) have to comply with PCI.
Once you have policies in place your systems and networks have t
2 matches