The Open PCI Scoping Framework might help http://itrevolution.com/pci-scoping-toolkit/
They do ask for an email address to send download instructions.

On Thu, Feb 14, 2013 at 11:57 AM, Josh More <[email protected]> wrote:
> Yes, your entire network will be in scope if you don't do things to isolate it.
>
> I like to use UTMs to do that, but bear in mind that, even if you do that, your daily, weekly, monthly and yearly requirements will apply to your workstations and to your UTMs. It just won't extend to the rest of the network if you isolate those workstations properly.
>
> -Josh
>
> On Thu, Feb 14, 2013 at 10:50 AM, Kevin <[email protected]> wrote:
> > Hi all -
> > I know this isn't a PCI focused list, but I'm hoping it's PCI tolerant and someone can point me in the right direction.
> >
> > We are preparing to *begin* taking credit card payments from our customers, and since we've never dealt with them before, I'm kinda new to the whole PCI-DSS thing.
> >
> > After reading through all the 'stuff' on the PCI site, it seems to me like it would make sense to limit the number of desktops, servers, routers, etc. that are "in scope". The PCI QSA vendors don't seem to want to help me limit the scope - it's almost as if they make more $$ from having my entire network in scope... From reading the different SAQs, it seems like we're already doing all the stuff they are asking for, I just want to limit our risk.
> >
> > Currently my (4) cashier workstations are spread across my 2 client networks, and have full access to typical client facing network resources (Exchange, SharePoint, various other non-customer service related web apps, etc.). The CC payment processor we are going to use has recommended installing a USB swipe reader hooked to some sort of virtual terminal (ActiveX based) on each of the 4 PCs, and frankly that gives me the heebie-jeebies.
> >
> > Our finance director is pushing to go live sooner than later.
> >
> > What types of techniques can be used to limit the scope? Am I overly worried about this? If I go live now and reduce scope later, would my entire network be in scope for this first year?
> >
> > Thanks in advance for any pointers you can offer.
> > Kevin
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
