Secure Payments, PCI DSS, Regulatory Compliance Blog

Archive for the ‘Database’ Category

Technical and Operational Requirements for Approved Scanning Vendors

Friday, November 2nd, 2007 Posted in Approved Scanning Vendor, Database, PCI DSS, Web Applications | 3 Comments »

For some reason, I've run into an inordinate number of questions this week regarding vulnerabilities that weren't addressed directly in the PCI-DSS -- or at least only addressed in a cursory fashion. The document that contains many of these ...

Whitepaper: Oracle Applications 11i - Credit Cards and PCI Compliance Issues

Sunday, March 11th, 2007 Posted in Database, PCI DSS, Vendors | 5 Comments »

Integrity has a very comprehensive whitepaper on "Oracle Applications 11i: Credit Cards and PCI Compliance Issues" [PDF] (added to Resources page). It covers each of the 12 PCI DSS requirements as they relate to the Oracle database software. It's really ...

Authenticate all access to any database containing cardholder data

Monday, November 13th, 2006 Posted in Database, PCI DSS | 13 Comments »

Requirement 8 focuses on user access and authentication, but 8.5.16 focuses specifically on the authentication to databases within the cardholder environment. The need for this specific requirement stems from the fact that databases containing credit card data are prime ...