>Hi, > >It's practically impossible for us to really answer that. The OS >itself does not have to be PCI-compliant, but it is the implementation >that needs to be.
Agreed. You need to go hire yourself an auditor if you are dealing with PCI compliance. There is much more to PCI compliance than just operating system and service settings. From purely an operating system perspective you are probably half way there by going by the common SOX recommendations (file permissions, user account locking, password strength, etc), but that is only half the battle. PCI covers vastly greater ground than that. > >For example, HTTPD, if using SSL, must be configured for SSLv3 or >TLSv1, and that is available, but you must have configured it that >way. > >RHEL5 supports databases, but you must implement database encryption >if it holds sensitive customer information, that is part of your >implementation, not the OS compliancy. > >Marco > >On Thu, Jul 28, 2011 at 10:15 AM, James Harrison ><jamesaharriso...@yahoo.co.uk> wrote: >> Hi, >> >> Really important problem. We do have license mail/phone >support, but don't >> want any record of the problem on the RHN account!! >> >> We are going through PCI compliance process. >> >> We are using RHEL 5. Is RHEL 5 PCI compliant? >> >> I am looking at httpd in particular. httpd is at 2.2.3. >> >> Tha >> >> _______________________________________________ >> rhelv5-list mailing list >> rhelv5-list@redhat.com >> https://www.redhat.com/mailman/listinfo/rhelv5-list >> >> > > > >-- >*Microsoft MVP - Windows PowerShell >https://mvp.support.microsoft.com/profile/Marco.Shaw >*Co-Author - Sams Windows PowerShell Unleashed 2nd Edition >*Blog - http://marcoshaw.blogspot.com > >_______________________________________________ >rhelv5-list mailing list >rhelv5-list@redhat.com >https://www.redhat.com/mailman/listinfo/rhelv5-list > This email communication and any files transmitted with it may contain confidential and or proprietary information and is provided for the use of the intended recipient only. Any review, retransmission or dissemination of this information by anyone other than the intended recipient is prohibited. If you receive this email in error, please contact the sender and delete this communication and any copies immediately. Thank you. http://www.encana.com _______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list
