David,

* David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
> So I downloaded and read through the PCI DSS document (74 pages is
> pretty light compared to NFSv4.1 hehe...) and there are several areas
> there where I think strong access controls in the database will not only
> fulfill the requirement but provide much stronger guarantees than can be
> provided from the application server alone.

Thanks for taking a look! That sounds like excellent news. My apologies for attributing the action item to the wrong individual. :)

> The requirements in section 7 can definitely benefit from SEPG.

I don't mean to be a pain, and we're all busy, but perhaps you could include a short description of what 'requirements in section 7' are. It would help keep the mailing list archive coherent, and be simpler for folks who aren't familiar with PCI to play along. A link to the specific PCI DSS document you looked at would be an alternative, tho not as good as a 'dumbed-down' description. ;) That would at least avoid confusion over which document, since I presume there's more than one out there.

Thanks again for looking over this!

Treat, you've dealt a lot with PCI in your commercial work; could you comment on this for the benefit of the list? I don't doubt David in the least, but it never hurts to have someone as lucky as yourself in frequent dealings with PCI compliance to provide any additional insight.

Thanks!

Stephen