[ic] PCI Compliance

DB DB at M-and-D.com
Fri Jun 11 14:00:28 UTC 2010


> Has anybody had to take any special technical or other steps (outside of
> firewall, and other basic sys-admin tasks) in order to ensure a "PCI
> Compliant" Interchange?  
> 
> Thanks
> Rick
> 

The compliance vendor I used had a semi-automated system which performed
scans on my servers then reported any issues it found. Once I corrected
all of the issues then compliance was granted.

I use Centos and many of these "issues" were caused by the version
numbering scheme that Centos (and Redhat) uses for their packages. It
appeared that I was running outdated versions of SSL and other packages.
Once I explained this to the compliance vendor then these issues were
cleared.

There were a few actual changes I had to make such as edits to my apache
config, but I do not believe that I had to make any changes to IC itself.

DB



More information about the interchange-users mailing list