Ahh! Good points! And with what Cameron said, period checks, etc... In my curiosity I found this hosting provider with a freebie download.... http://www.gsihosting.com/pci/12-questions-pci-hosting-provider.aspx
And here's some more documentation from pcisecuritystandards.org:

"Prioritized Approach framework that lists the most efficient order for companies to implement the 12 security controls mandated under PCI DSS. The framework groups the controls under six specific milestones that companies can use as a road map towards compliance, according to council officials."

Download link to doc: https://www.pcisecuritystandards.org/education/docs/Prioritized_Approach_PCI_DSS_1_2.pdf

And one more you guys might like: http://www.keross.com/pci-compliance-checklist---best-practices.html

With links to these two pages:
http://www.keross.com/log-management-checklist-for-hipaa%2C-pci-dss%2C-sox-and-fisma.html
http://www.keross.com/pci-dss-requirements-version-1.2.html

On Tue, Jun 22, 2010 at 12:51 PM, Judah McAuley <[email protected]> wrote:
>
> As for PCI compliance, encrypting card numbers isn't good enough. PCI
> compliance covers not only data encryption but also physical access to
> the machines (which is where the shared host db fails), auditing
> requirements, backup requirements, etc...a whole lot more than simple
> data encryption, which is why most companies do their processing
> through someone like Authorize.net and let Authorize.net deal with the
> PCI compliance.
