Thanks for the quick reply. Setting the router/firewall policies issue aside, my follow-up then is what's required for a 'proper installation' of OFBiz to prepare for a PCI audit. If we follow the Apache OFBiz Production Setup Guide, is that enough to secure OFBiz for us to then tackle the network issues (router/firewall)?

http://docs.ofbiz.org/display/OFBTECH/Apache+OFBiz+Technical+Production+Setup+Guide

Has anyone gone through a PCI audit and is willing to share some insights into what is covered in one of these audits? Has anyone used a 3rd-party audit service or would recommend one from experience such as:

McAfee - http://www.mcafeesecure.com/us/pci-intro.jsp
Truste - https://getcertified.truste.org/ecommerce/
403 Labs - http://www.403labs.com/solution/vulnerability

Thx,
-PH
