Subject: [ActiveDir] (OT) PCI DSS Audit and Active Directory/Windows
PARRIS

Posts:291

07/16/2008 5:42 PM  
Hello,


Has anyone gone through a PCI DSS audit and come out the other side? I am in the middle of a pre-audit and would be interested to know (off line if preferred) what you had to do to achieve it - in my opinion the standard is very high level in certain areas and almost contradictory in different categories - leaving it open to interpretation - which is causing huge areas of debate

The company I am working with is a Level 1 merchant.

Has anyone segmented their network, does/did this cause you issues with AD/Windows?

What did you use for a syslog server?

Any gotchas people found?

Has anyone found any good documentation or online resources?

Thanks in advance



Regards,

Mark Parris
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
sbradcpa

Posts:496

07/16/2008 5:42 PM  
Heck, down here in the SMB space it's causing a lot of debate.

There's a couple of PCI/DSS forums that might help, I'll get the links.

Mark Parris (L) wrote:
> Hello,
>
>
> Has anyone gone through a PCI DSS audit and come out the other side? I am in the middle of a pre-audit and would be interested to know (off line if preferred) what you had to do to achieve it - in my opinion the standard is very high level in certain areas and almost contradictory in different categories - leaving it open to interpretation - which is causing huge areas of debate
>
> The company I am working with is a Level 1 merchant.
>
> Has anyone segmented their network, does/did this cause you issues with AD/Windows?
>
> What did you use for a syslog server?
>
> Any gotcha's people found?
>
> Has anyone found any good documentation or online resources?
>
> Thanks in advance
>
>
>
> Regards,
>
> Mark Parris
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
>
>
michael1

Posts:426

07/16/2008 5:42 PM  
I've been through this, I guess twice now.

Your best bet (IMO) is to engage your auditing company to help you. In my
cases, the auditing company had a document that told us EXACTLY what they
wanted and how they wanted it set up.

We did split the PCI applications into their own domain and there was a
every-four-hours DTS job that dumped relevant information and scp'ed it to
another server. This allowed us to reduce our reviewed servers and
procedures and policies down to a manageable level. Doing our entire
environment would've been an impossible task.

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

Mark Parris (L) wrote:
> Hello,
>
>
> Has anyone gone through a PCI DSS audit and come out the other side? I am in the middle of a pre-audit and would be interested to know (off line if preferred) what you had to do to achieve it - in my opinion the standard is very high level in certain areas and almost contradictory in different categories - leaving it open to interpretation - which is causing huge areas of debate
>
> The company I am working with is a Level 1 merchant.
>
> Has anyone segmented their network, does/did this cause you issues with AD/Windows?
>
> What did you use for a syslog server?
>
> Any gotcha's people found?
>
> Has anyone found any good documentation or online resources?
>
> Thanks in advance
>
>
>
> Regards,
>
> Mark Parris
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
>
>