thePCI Portal

Category: Scoping

Does using telnet for admin always require at least a compensating control?

The PCI Guru has an article about an issue with PCI DSS requirement 2.3.b https://pciguru.wordpress.com/2017/06/09/we-need-a-change-to-2-3-b/ Reminder of what 2.3.b is about: 2.3.b Review services and parameter files on systems to determine that Telnet and other insecure remote-login commands are not available for non-console access. And the guidance for 2.3 is: If non-console (including remote) administration…

the Council Plans to Publish Scoping Guidance!

The latest news update for QSA’s includes news of an upcoming holiday gift for those in the PCI DSS world! The Security Standards Council plans to publish “Guidance for PCI DSS Scoping and Network Segmentation.”  in December 2016.  The Council informs that the guidance “aims to clarify scoping and segmentation principles provided in the PCI DSS”.…