IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Networking Forum / What Greg said.
Post #346,491
by Steve Lowe
8/20/11 1:52:35 PM
Reply
New What Greg said.
If you need an auditing firm, we had a pretty good relationship with Coalfire Systems. (still true, Greg?)

Even with self assessment, you need to prove external scans by an ASV. Check the website https://www.pcisecuritystandards.org/ for the latest list of vendors.

Good luck - I'm glad to not currently be a part of that world.
Post #346,514
by crazy
8/20/11 4:44:00 PM
Reply
New We got the scan vendor
Our CC processing company told us to use a particular vendor for scans. They have a deal with them, and feed their customers. The security vendor will scan for free, and support you through the process of the SAQ, but they have an ulterior motive.

They want to sell consulting services. And they get to judge if my company is PCI compliant. So any mistep means they can declare us not compliant, and then come in to sell their services. This is a major conflict of interest.

On the other hand, we are tiny, single computer room, 3 servers internally and an external hosted website. They know they can't make any real money from us, so they are usually very helpful by default. They just want us off their plate.

Our new web site passed the scan yesterday and we can put their logo on it. Yay!
Post #346,580
by Steve Lowe
8/22/11 6:30:59 PM
Reply
New woot
Passing a scan is praiseworthy indeed.
     Does general PCI q? belong here? - (crazy) - (18) - Aug. 19, 2011, 09:02:40 AM EDT
         If you don't store the CC# - (folkert) - (17) - Aug. 19, 2011, 09:35:36 AM EDT
             You missed it - (crazy) - (16) - Aug. 19, 2011, 11:51:38 AM EDT
                 HAHAHAHAHAHAHAHAHA!!!!!!! Oops ... sorry - (drook) - (10) - Aug. 19, 2011, 12:08:58 PM EDT
                     Let's all relax here - (crazy) - (7) - Aug. 19, 2011, 12:29:54 PM EDT
                         Audit happens every... - (folkert) - (6) - Aug. 19, 2011, 12:54:38 PM EDT
                             Maybe to you - (crazy) - (5) - Aug. 19, 2011, 01:58:21 PM EDT
                                 What do you think the initial PCI compliance... - (folkert) - (4) - Aug. 19, 2011, 04:05:02 PM EDT
                                     Is this "required" required? - (drook) - (1) - Aug. 19, 2011, 04:30:26 PM EDT
                                         Oh its the Voluntary one. - (folkert) - Aug. 19, 2011, 05:08:26 PM EDT
                                     Oh, it's required. - (crazy) - (1) - Aug. 20, 2011, 06:23:49 AM EDT
                                         Your company falls.. - (folkert) - Aug. 20, 2011, 09:51:32 AM EDT
                     AIX? That's a tree-chopping implement, right? - (Another Scott) - (1) - Aug. 19, 2011, 12:31:33 PM EDT
                         Actually, AIX... - (folkert) - Aug. 19, 2011, 01:00:10 PM EDT
                 Ouch. - (folkert) - (4) - Aug. 19, 2011, 12:46:43 PM EDT
                     All good stuff - (crazy) - Aug. 19, 2011, 02:02:15 PM EDT
                     What Greg said. - (Steve Lowe) - (2) - Aug. 20, 2011, 01:52:35 PM EDT
                         We got the scan vendor - (crazy) - (1) - Aug. 20, 2011, 04:44:00 PM EDT
                             woot - (Steve Lowe) - Aug. 22, 2011, 06:30:59 PM EDT

My God, it's full of stars...
48 ms