> I'm not trying to get around HIPAA, PCI or Sarbanes-Oxley - or anything else.
> I am trying to explore how I may use their standards to develop something to
> fit within their guidelines. I was wondering what it would actually take to
> do that. Preferably without a 3rd party...
>
> I thought perhaps this group may have some insight or instruction as to how
> to approach it. (How to approach the pitfalls, what hardware would need to
> be in place, etc.)
>
> I did not expect "It's too hard" "Too complicated" "cost prohibitive" "legal
> nightmare" to be the canned answer - from everyone. That seems so short
> sighted. Defeatist. Unimaginative. But, I guess I am just too optimistic. I
> was hoping to find some creative thinking and practical applications to a
> common question.

If everyone gives you the same answer to your question, you should probably take that as a signal of some sort. Again, though, the primary issues with meeting standards like PCI-DSS aren't technical ones. That is, it's not a matter of choosing one algorithm over another. It's about policies, procedures, standards, threat profiles, etc.

It's not a matter of being defeatist or unimaginative; if someone came to me and said "I want to start a service like Authorize.net and I have a big pile of money" I could probably figure out a way to help them. But that's not what you're doing. You're asking for technical answers to non-technical questions on a mailing list where people don't get paid to respond in depth.

And, for what it's worth, there were some technical answers in the thread. But the underlying question is too broad for someone to answer it in a single email. That's just not how mailing lists work.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:330949

