On 6/28/17 9:48 AM, Trevor Vaughan wrote:
>
> My reading of PCI-DSS indicates that it is supposed to be stacked on
> top of an additional known standard. So, for full compliance, you'll
> need to scan against PCI-DSS here and then pick which of the other
> baseline standards you want to follow and run that one as well.
>
> You should be able to put together a custom SCAP scenario to do all of
> the appropriate scans at once but keeping them separate is generally
> easier so that you don't have to munge with anything upstream.

Do you have a pointer for the need for additional standards? The PCI-DSS docs call out specific controls they want to see (e.g. PCI-DSS 8.2.3 - 7 char alpha numeric passwords)... haven't come across the layering concept before.

(I have very little experience with PCI-DSS and can learn from the pointer)

_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
