Just a random question from /r/pcicompliance.
PCI Compliance – help with anti-virus, Firewall and Audit Logs
Curious if anyone has affordable solutions for anti-virus software, firewall and audit logs. Trying to help two retail stores become compliant. They use POS software (that is itself PCI compliant). They have MacBooks at each location to swipe cards using a card reader and just the general business internet/wifi package set up at each location. Is there any way to do this without really increasing monthly costs for software and IT professionals?
A MacBook (general purpose computer with general purpose OS) attached to the internet on a wifi network with a magstripe reader to read payment cards is going to be one of the more expensive environments to secure. Some solutions that accept payment cards have lesser security control requirements.
Maybe they picked the wrong solution for their needs? A PTS compliant point of interaction device is a lot easier to secure and achieve compliance with (but doesn't do everything a PC can do).
Software (even POS software) cannot be PCI DSS compliant, only organizations are, but I get what you mean. Maybe the software is PA-DSS compliant (PA is for Payment Application). PA-DSS compliant software requires the vendor to supply a PA-DSS implementation guide. The PA-DSS implementation guide will tell you what you need to do to deploy the software in a compliant manner (likely including the deployment of AV and firewall and not to use wifi).