OFBiz by itself cannot pass the audit, since routers and firewall
policies are also part of the security.
However, if the proper installation of OFBiz is followed,
it will.
So it is the responsibility of the installer to make sure it passes the
audit.
Hope that helps.

Patrick Huegel sent the following on 10/14/2008 2:13 PM:
> Hi All,
> 
> I'm looking for some guidance on PCI.  I've read some of the posts on *Is
> OFBiz PCI compliant?* and I still have questions on the process to get
> certified.
> 
> http://lists.ofbiz.org/pipermail/users/2006-June/012459.html
> http://www.nabble.com/Users---OFBiz-application-security-td3263502.html
> 
> What is the process on getting the certification from OFBiz's point of
> view?  Is there a wiki or document to help us in the field secure for a PCI
> examination?
> Or a better question could be what are the specific areas to focus on for
> PCI compliance - i.e. CC#, CVV code, etc.
> 
> Obviously, one area of focus is on the installation of OFBiz to ensure that
> there are no "back doors" with the seed data used to build an OFBiz site.
> All users on the system need to be accountable and have a purpose on the system
> without unnecessary rights throughout the site.  In addition, use of proper
> 256-bit SSL certificates for all browser communications.
> 
> Any info on this is very much appreciated.
> 
> Thanks in advance,
> -PH
> 
