Paul, On Mon, Oct 22, 2018 at 11:32 AM Paul Wilkins <[email protected]> wrote: > I suppose auditors can qualify any report that mandated TCNs/TANs are > excepted, but are you then "PCI Compliant"?
Not possible as this would be separate from the Cardholder Data Environment (CDE) and the encryption of "data in transit" is PCI-DSS Requirement 4.1.c. If the definition of the CDE were to change in the future then a "warrant canary" would signify this within the "Report on Compliance" (RoC) or "Self Assessment Questionnaire" (SAQ). -- Regards, Christian Heinrich http://cmlh.id.au/contact _______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
