PCI/DSS Compliance On CentOS


I have a client project to implement PCI/DSS compliance.

The PCI/DSS auditor has stipulated that the web server, application
middleware (tomcat), and the db server have to be on different systems.
In addition, the auditor has also stipulated that there be an NTP
server and a “patch” server.

The Host OS on all of the above nodes will be CentOS 6.2.

Below is a list of things that would be necessary.

1. Digital Certificates for each host on the PCI/DSS segment
2. SELinux on each Linux host in the PCI/DSS network segment
3. Tripwire/AIDE on each Linux host in the PCI/DSS segment
4. OS hardening scripts (e.g. Bastille Linux)
5. Firewall
6. IDS (Snort)
7. Central “syslog” server

However, beyond this I would appreciate any comments/feedback/suggestions
if you or your organization has undergone a PCI/DSS audit, and what the
gotchas were that you encountered, especially with respect to the
CentOS/open source stack.

I came across this, which kind of brings out issues between the
implementer and the PCI/DSS auditor:
<http://webmasters.stackexchange.com/questions/15098/pci-dss-compliance-for-a-vps-using-centos>

Thanks very much.

13 thoughts on - PCI/DSS Compliance On CentOS

  • Arun Khan wrote:
    > I have a client project to implement PCI/DSS compliance.
    >
    > The PCI/DSS auditor has stipulated that the web server, application
    > middleware (tomcat), the db server have to be on different systems.
    > In addition the auditor has also stipulated that there be a NTP
    > server, a "patch" server,
    >
    > The Host OS on all of the above nodes will be CentOS 6.2.
    >
    > Below is a list of things that would be necessary.
    >
    > 1. Digital Certificates for each host on the PCI/DSS segment
    > 2. SELinux on each Linux host in the PCI/DSS network segment
    > 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment
    > 4. OS hardening scripts (e.g. Bastille Linux)
    > 5. Firewall
    > 6. IDS (Snort)
    > 7. Central “syslog” server
    >
    > However, beyond this I would appreciate any comments/feedback /
    <snip>
    I had a short-term contract with a company that a) did managed security,
    and b) was a root CA. I *think* the auditor missed one thing: as I
    understand it, if the three servers aren't hardwired to each other, *all*
    communications must be encrypted between them.

    mark

  • wow, seems like quite a lot.

    What “level” of PCI/DSS compliance are you going for?

    The only other thing I might add….

    Are you hosting the hardware? If it’s
    hosted elsewhere then the “facility” that’s
    hosting the hardware needs to be PCI/DSS compliant.

  • Ken godee wrote:
    > wow, seems like quite a lot.

    Heh. When I was working for the company, I had a guy who sat in easy
    earshot who was one of their folks who dealt with questions from companies
    and businesses. The *easiest* one, the lowest level, was 60 or 63
    questions. The serious, highest one was over 220, and really required
    people on at least our level to answer some of them.

    mark

    > What "level" of PCI/DSS compliance are you going for?
    >
    > The only other thing I might add....
    >
    > Are you hosting the hardware? If it's
    > hosted elsewhere then the "facility" that's
    > hosting the hardware needs to be PCI/DSS compliant.
    >
    > On 5/25/2012 10:22 AM, Arun Khan wrote:
    >> I have a client project to implement PCI/DSS compliance.
    >>
    >> The PCI/DSS auditor has stipulated that the web server, application
    >> middleware (tomcat), the db server have to be on different systems.
    >> In addition the auditor has also stipulated that there be a NTP
    >> server, a "patch" server,
    >>
    >> The Host OS on all of the above nodes will be CentOS 6.2.
    >>
    >> Below is a list of things that would be necessary.
    >>
    >> 1. Digital Certificates for each host on the PCI/DSS segment
    >> 2. SELinux on each Linux host in the PCI/DSS network segment
    >> 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment
    >> 4. OS hardening scripts (e.g. Bastille Linux)
    >> 5. Firewall
    >> 6. IDS (Snort)
    >> 7. Central “syslog” server
    >>
    >> However, beyond this I would appreciate any comments/feedback /
    >> suggestion if you or your organization has undergone a PCI/DSS audit
    >> and what are the gotchas that you encountered, especially with respect
    >> to CentOS/ open source stack.
    >>
    >> I came across this which kind of brings out issues between the
    >> implementer and the PCI/DSS auditor.
    >> <http://webmasters.stackexchange.com/questions/15098/pci-dss-compliance-for-a-vps-using-centos>
    >>
    >> Thanks very much.

  • 2012/5/25 Arun Khan :

    > The PCI/DSS auditor has stipulated that the web server, application
    > middleware (tomcat), the db server have to be on different systems.

    requirement “one primary function per server”.

    > In addition the auditor has also stipulated that there be a NTP
    > server, a “patch” server,

    true also.

    > 1. Digital Certificates for each host on the PCI/DSS segment

    Usually needed, if you use https or similar protocols.

    > 2. SELinux on each Linux host in the PCI/DSS network segment

    SELinux is not usually needed.

    > 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment

    Ossec (www.ossec.net) can do this.

    > 4. OS hardening scripts (e.g. Bastille Linux)

    Some hardening needed.

    > 5. Firewall

    Hardware and software firewall on each network segment with NAT enabled.

    > 6. IDS (Snort)

    Ossec can do this.

    > 7. Central “syslog” server

    Ossec server with samhain is a good solution for that.

  • I have to check this with the client. Credit card information will
    be encrypted and stored in client’s own db.

    The client will be hosting it on their own office premise (the
    physical security aspect is being handled by another vendor).

    Thanks,
    — Arun Khan

  • 2012/5/26 Arun Khan :

    Usually you also need to implement a WAF (web application firewall) in
    front of public webservers.

    I think the cheapest solution is to use mod_security*) on apache and then
    proxy valid requests to tomcat.

    *) http://www.modsecurity.org/

  • Yup, this is exactly what they don’t want people to do and
    I believe in the future they’ll strive for just a handful
    of processors that will meet their criteria.

    I’m sure I’m talking way over my head at this point…. but
    this must be for a fairly large merchant (1M+ transactions yearly).

    Not quite sure why one wouldn’t use one of the processors’ gateway
    facilities; there are convenient APIs that would handle anything to do
    with cc’s at a “small fraction” of the price to set up and maintain.

  • 2012/5/26 Ken godee :

    “The client will be hosting it on their own office premise” sounds
    really bad. Usually these kinds of systems are located in really secure
    datacenters.

  • On Fri, 25 May 2012 22:52:13 +0530
    Arun Khan <knura9@gmail.com> wrote:

    > I have a client project to implement PCI/DSS compliance.

    Some advice from my practical professional knowledge...

    > The PCI/DSS auditor has stipulated that the web server, application
    > middleware (tomcat), the db server have to be on different systems.
    > In addition the auditor has also stipulated that there be a NTP
    > server, a "patch" server,

    There is always the scope to be understood.

    If a server has card numbers somewhere, that server is in scope.
    So is any other server on the same network segment.
    So is any firewall delimiting these network segments.

    Now... if you have a sufficiently large number of systems in scope,
    it's more practical to suppose PCI:DSS is in scope on all servers.

    This eases your maintenance as you won't have exceptions to deal with,
    or justify, but if you have very few systems in scope rather than most
    of the others which aren't, it'll be your decision considering the work
    overload. I personally still advise to follow most rules on the
    non-scoped servers as they are in fact wise rules.

    > The Host OS on all of the above nodes will be CentOS 6.2.

    Not a good practice to say "6.2". Merely applying patches as time goes
    on means in some time you'll be running 6.3. Say 6. :)

    > Below is a list of things that would be necessary.
    >
    > 1. Digital Certificates for each host on the PCI/DSS segment
    > 2. SELinux on each Linux host in the PCI/DSS network segment

    Beware that many instructions tell you to disable selinux. I found that
    with a little bit of work and the help of audit2why and a few more
    selinux commands, you can usually work around bad apps by assuming the
    risk of allowing what they need.

    A master will write his own selinux rules according to apps, though.

    > 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment

    I advise OSSEC, rather than those, as it's a much better Host IDS.

    > 4. OS hardening scripts (e.g. Bastille Linux)

    I'm very wary of these generic ones, I usually bet on strongly reducing
    the packages installed and defining the security settings straight from
    my kickstart install scripts.

    > 5. Firewall
    > 6. IDS (Snort)
    > 7. Central “syslog” server

    Be careful to send logs under TLS. I found that as a syslog server,
    rsyslog on RHEL/CentOS 5 *sucks* and gets you in trouble with RAM
    exhaustion and crashes. I had to backport from 6 as the idiotic SIEM
    software running on that server demanded series 5 (even though it's
    just java *sigh*) and we ran into this issue with rsyslog, which is
    quite old under RHEL/CentOS.

    This SIEM server does not support TLS syslog, only plain UDP/TCP
    unencrypted syslog, so one has to use a syslog server to receive under
    TLS then forward to the localhost.

    > However, beyond this I would appreciate any comments/feedback /
    > suggestion if you or your organization has undergone a PCI/DSS audit
    > and what are the gotchas that you encountered, especially with respect
    > to CentOS/ open source stack.

    Use sudo extensively. If you have many servers without central password
    validation and too few people, it's better to have passwordless sudo
    restricted to an admins group, as identified by access via OpenSSH RSA
    keys, than having to change your password every month on hundreds of
    servers.

    Restrict your access to the root shell, and keep its password (written
    by two persons, each knowing their own half) in a safe where none of you
    can access it without a paper trail.

    Yes, as an admin you can override that, but if you have externalized
    logs audited by a separate set of people, your trails may get you in
    trouble, so that risk is mitigated.

    > I came across this which kind of brings out issues between the
    > implementer and the PCI/DSS auditor.
    > <http://webmasters.stackexchange.com/questions/15098/pci-dss-compliance-for-a-vps-using-centos>

    I see there some things that are not true, namely WRT CentOS versions.

    It has a lot to do with *how* you do your things, what evidence you
    register, whether the auditor is excessively strict and/or knows the
    technology and/or does a risk based assessment, how segmented your
    network is, and so on.

    Rui
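Rui's advice on the syslog leg (send logs under TLS; where the SIEM only speaks plain syslog, let a syslog server receive under TLS and forward to localhost), as an added example that is not code from the thread or from any of its posters: constructed rsyslog fragments for a PCI-segment sender, for the TLS relay in front of the SIEM, and for a weak plain-TCP variant, plus a small checker that flags any config which forwards to a non-loopback host without the TLS stream driver and peer authentication. The host name siem-relay.example.internal and the certificate paths under /etc/pki/rsyslog/ are assumptions; the directives are rsyslog's legacy syntax as shipped on CentOS 6.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.  Writes constructed
# rsyslog configs to a temp dir and checks whether remote forwarding
# is protected by TLS.  Assumed names: siem-relay.example.internal and
# certificates under /etc/pki/rsyslog/.
set -u
WORK=$(mktemp -d)

# Relay in front of the SIEM: accept TLS on 6514 (the syslog-TLS port),
# authenticate peers by certificate name, hand everything to the SIEM
# that listens on plain UDP/514 on this same host.  (constructed sample)
write_relay_conf() {
    cat > "$WORK/rsyslog-relay.conf" <<'EOF'
$ModLoad imtcp
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/relay-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/relay-key.pem
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.internal
$InputTCPServerRun 6514
*.* @127.0.0.1:514
EOF
    printf '%s\n' "$WORK/rsyslog-relay.conf"
}

# Each PCI host: send everything to the relay over TLS, verifying the
# relay's certificate name.  (constructed sample)
write_client_conf() {
    cat > "$WORK/rsyslog-client.conf" <<'EOF'
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/host-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/host-key.pem
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer siem-relay.example.internal
*.* @@siem-relay.example.internal:6514
EOF
    printf '%s\n' "$WORK/rsyslog-client.conf"
}

# The weak setting: plain TCP straight to the SIEM, no TLS.  (constructed)
write_weak_conf() {
    cat > "$WORK/rsyslog-weak.conf" <<'EOF'
*.* @@siem-relay.example.internal:514
EOF
    printf '%s\n' "$WORK/rsyslog-weak.conf"
}

# Returns 0 when every forwarding action to a non-loopback host runs
# under the gtls driver in TLS mode with x509/name peer authentication,
# 1 otherwise.  Forwarding to loopback is exempt: that is the hop from
# the relay to the SIEM on the same box that Rui describes.
rsyslog_forwarding_is_tls() {
    conf=$1
    remote=$(grep -E '^\*\.\*[[:space:]]+@@?' "$conf" \
             | grep -c -v -E '@@?(127\.0\.0\.1|localhost)' || true)
    [ "$remote" -eq 0 ] && return 0
    grep -q '^\$DefaultNetstreamDriver gtls' "$conf" || return 1
    grep -q '^\$ActionSendStreamDriverMode 1' "$conf" || return 1
    grep -q '^\$ActionSendStreamDriverAuthMode x509/name' "$conf" || return 1
    return 0
}

# Stand-alone run: report each constructed config.
for f in "$(write_relay_conf)" "$(write_client_conf)" "$(write_weak_conf)"; do
    if rsyslog_forwarding_is_tls "$f"; then
        echo "TLS ok: $f"
    else
        echo "WEAK:   $f"
    fi
done
```

The checker is deliberately strict about the sender side only: the relay's inbound TLS settings are not inspected, because what the auditor will look for is card-holder-environment hosts shipping logs in the clear, and a relay that forwards to loopback stays inside the host.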
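Rui's access model (passwordless sudo restricted to an admins group that is identified by OpenSSH keys, and a root shell that is not reached directly), as an added example that is not code from the thread or from any of its posters: a constructed sudoers drop-in and sshd_config fragment in hardened and weak forms, with two checks that distinguish them. The group name "admins" and the sudo log path are assumptions; the sudoers and sshd directives are standard ones.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.  Constructed sudoers
# and sshd_config fragments plus checks.  Assumed: the admin group is
# called "admins"; files are written to a temp dir, never to /etc.
set -u
WORK=$(mktemp -d)

# Hardened: NOPASSWD only for %admins, sudo actions logged, sshd accepts
# keys only, no password logins, no direct root logins, admins only.
write_hardened_access() {
    cat > "$WORK/sudoers-hardened" <<'EOF'
Defaults    logfile=/var/log/sudo.log
%admins ALL=(ALL) NOPASSWD: ALL
EOF
    cat > "$WORK/sshd_config-hardened" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowGroups admins
EOF
    printf '%s\n' "$WORK/sudoers-hardened $WORK/sshd_config-hardened"
}

# Weak: every user gets passwordless sudo and root can log in by password.
write_weak_access() {
    cat > "$WORK/sudoers-weak" <<'EOF'
ALL ALL=(ALL) NOPASSWD: ALL
EOF
    cat > "$WORK/sshd_config-weak" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
EOF
    printf '%s\n' "$WORK/sudoers-weak $WORK/sshd_config-weak"
}

# 0 if every NOPASSWD rule in the sudoers file is granted to %admins only.
sudo_nopasswd_restricted() {
    grep -E 'NOPASSWD' "$1" | grep -v -E '^%admins[[:space:]]' | grep -q . && return 1
    return 0
}

# 0 if sshd refuses password logins and direct root logins (keys only).
sshd_keys_only() {
    grep -q -E '^PasswordAuthentication[[:space:]]+no' "$1" || return 1
    grep -q -E '^PermitRootLogin[[:space:]]+no' "$1" || return 1
    return 0
}

# Stand-alone run: hardened pair passes, weak pair is reported.
set -- $(write_hardened_access)
sudo_nopasswd_restricted "$1" && echo "sudoers ok: NOPASSWD limited to %admins"
sshd_keys_only "$2" && echo "sshd ok: keys only, no root login"
set -- $(write_weak_access)
sudo_nopasswd_restricted "$1" || echo "sudoers WEAK: NOPASSWD beyond %admins"
sshd_keys_only "$2" || echo "sshd WEAK: password or root login permitted"
```

With this layout the SSH key is the identity, group membership is the authorization, and the sudo log (shipped to the central syslog server) is the paper trail Rui relies on; the root password itself is never needed for day-to-day work.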

  • On Fri, 25 May 2012 13:47:12 -0400
    m.roth@5-cent.us wrote:

    > Arun Khan wrote:
    > > I have a client project to implement PCI/DSS compliance.
    > >
    > > The PCI/DSS auditor has stipulated that the web server, application
    > > middleware (tomcat), the db server have to be on different systems.
    > > In addition the auditor has also stipulated that there be a NTP
    > > server, a "patch" server,
    > >
    > > The Host OS on all of the above nodes will be CentOS 6.2.
    > >
    > > Below is a list of things that would be necessary.
    > >
    > > 1. Digital Certificates for each host on the PCI/DSS segment
    > > 2. SELinux on each Linux host in the PCI/DSS network segment
    > > 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment
    > > 4. OS hardening scripts (e.g. Bastille Linux)
    > > 5. Firewall
    > > 6. IDS (Snort)
    > > 7. Central “syslog” server
    > >
    > > However, beyond this I would appreciate any comments/feedback /
    > <snip>
    > I had a short-term contract with a company that a) did managed
    > security, and b) was a root CA. I *think* the auditor missed one
    > thing: as I understand it, if the three servers aren't hardwired to
    > each other, *all* communications must be encrypted between them.

    It's always a matter of risk based analysis.

    Were those three servers on the same network segment (logical and
    physical)? Do you have good and restrictive firewalls around them, and
    so on.

    It's not good security or a good audit result if you just throw all the
    knobs.

    Rui

  • Thanks to all who responded to my query. Collectively, you raised my
    awareness of PCI/DSS, related tool sets and such.

    I have submitted my proposal to the client and I am sure I will
    discover a lot more if the proposal is accepted and I begin the
    implementation.

    @ Rui Miguel Silva Seabra – appreciate your advice and suggestions.

    — Arun Khan

  • 2012/5/26 Arun Khan :

    Just remember that PCI DSS is not a self-service process; you usually
    need to use a PCI QSA (Qualified Security Assessor) to complete your PCI
    process.
