RightScale Blog

Cloud Management Blog


Raf,

Thanks. As to your "good enough", it is my stance that if you follow the intent of my comments, then:

1. You have reduced risk to an acceptable level (so yes, to me, "secure")
2. You can meet the requirements of PCI-DSS

Note that I do not equate the 2 :)

As for the test data, there are test PANs that can, and should, be used. If there is no PAN, then no CHD. If you pull prod back into test/dev, then you need a sanitizing process to replace real PANs with test ones. It is that simple. While there may be exceptions, that is the rule that should be followed.
Posted by Phil Cox   Ι   July 24, 2012   Ι   10:40 AM