Well, if things are still the same, level 4 merchants are only required to perform a self-audit, the higher you are on the merchant levels, the more stringent the requirements and deadlines.
_____ From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 5:27 PM To: NT System Admin Issues Subject: RE: pci compliance I have found that even the free cisecurity.org tools run on each server is a great place to start. A 50 page report on each server with all its pass/fails. I think the free one even offers you the regkey fixes, or mskb to fix each issue. Documentation is key. Im not sure what the different levels are/mean although I have heard some talk about them with my clients and their respective auditor. A lot of the information will also come from the auditor once you pick a company they normally send you a lot of information to help get you going in the right direction. Maybe at your level you don’t require an on-site audit. The ones I do have a 3rd party auditor authorized by Visa/MC to come onsite every year, and also do pen tests every quarter. No virus found in this incoming message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 AM No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.10/1367 - Release Date: 4/9/2008 7:10 AM ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
