Honestly, it really comes down to what your QSA evaluates your controls at, on whether you meet the standard of PCI compliance or not.
Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Erik Goldoff [mailto:[email protected]] Sent: Friday, September 23, 2011 3:17 PM To: NT System Admin Issues Subject: Re: PCI compliance may depend on which of the 4 merchant levels the business falls under. When I was Ham Boy, we had a QSV scan and recertify our external IPs every month, but we only had the big full review yearly for the entire business. On Fri, Sep 23, 2011 at 2:00 PM, David Lum <[email protected]> wrote: For a site to be PCI compliant, is it an annual review process, or once PCI always PCI or ?? Surely someone here knows off the top of their head... David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image001.jpg>>
