XP & PCI Compliance

office politics

Looks like there's a way to keep XP alive after all.


http://www.mcafee.com/us/resources/faqs/faq-pci-retail-compliance.pdf

Q. How will this impact PCI DSS?
A. The Payment Card Industry (PCI) has specified that a system running an OS no longer supported by the vendor violates the standard unless there are compensating controls, such as whitelisting, to mitigate the risks.

Q. How does whitelisting help?
A. It prevents any unauthorized program that is on disk or injected into memory from executing and prevents unauthorized changes to an authorized baseline. This includes safeguarding against malware designed to attack the operating system.

Q. How will my DSS compliance change with whitelisting?
A. Retailers should verify that their QSA recognizes whitelisting as a compensating control for addressing the risks posed by operating systems without vendor support. Retailers should also follow industry best practice guidelines (IBPG) that further lock down firewalls, BIOS, ports, user access, and more beyond the protection provided by whitelisting.

Q. How does whitelisting address PCI DSS Requirement 5: Use and regularly update antivirus software or program?
A. Whitelisting provides complete malware protection without the need for updates. It does this by providing memory protection for all binaries on the system regardless of the vendor.
 