I could be wrong (and often am) but I think PCI only cares about cardholder data and some ancillary processes (like system security).
A documented (and management approved) exception with compensating controls ought to be sufficient. Of course, much depends on the quality of the auditors. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jeff Grigg Sent: Thursday, July 23, 2009 7:51 AM To: [email protected] Subject: Re: CA Mainframe 2.0 We started looking at using this but soon found out it does not support secure FTP so that came to a quick halt. CA has said this may come in the future. With PCI requirements SFTP is a must for us. NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
