Re: PCI Compliance
Chowell, I take it that it is your web server that is causing the failure. Has your hosting company or the testing company given you any specifics on why you failed? Most of the PCI analysis that I tried (I did demo plans with a few companies before we selected ControlScan) involved quite similar steps - a "procedural audit", which consisted of a questionnaire about our current security practices, and a physical audit consisting of extensive daily or weekly vulnerability scans of our web server and the web-facing side of our company network. If you got through the procedural audit, the physical audit shouldn't give you any problems unless the hosting company is not adequately securing the servers, or a vulnerability exists in your web software.