[171468] in North American Network Operators' Group


Re: Dealing with auditors (was Re: We hit half-million: The Cidr

daemon@ATHENA.MIT.EDU (TGLASSEY)
Thu May 1 12:05:01 2014

X-Original-To: nanog@nanog.org
Date: Thu, 01 May 2014 09:04:57 -0700
From: TGLASSEY <tglassey@earthlink.net>
To: nanog@nanog.org
In-Reply-To: <CAP-guGUx8mLo+FTK10-Bvj0tue9+F++fzhm9dD3rnkMF6ThNyg@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org

Bill - anything that puts another routable network alongside of the card 
processing info is in scope. The real issue is that the PCI-SSC decided 
to formally create a policy to hold the auditors harmless in their 
actions and that is about to change.


Todd

On 5/1/2014 8:52 AM, William Herrin wrote:
> On Thu, May 1, 2014 at 6:29 AM, Alain Hebert <ahebert@pubnix.net> wrote:
>>      Bill & Telnet...
>>
>>          I hope that QSA didn't let you keep that telnet facing any
>> public interface without any protection.
> Hi Alain,
>
> The point I made, successfully, was that it was outside the firewall
> hence out of scope for the audit. What I do in a different security
> domain from the one which handles the credit card transactions is none
> of their business.
>
> Regards,
> Bill Herrin
>

-- 
-------------

Personal Email - Disclaimers Apply

