Martin
Thu Nov 24 10:21:02 CST 2005
I am an auditor from a Qualified Security Assessor for Visa/MC PCI DSS
Assessments.
I would be interested to discuss further the possible use of EFS in regards
to compliance to PCI.
If interested please provide me with some contact details.
"The Poster" wrote:
> Apparently the credit card companies in question do not approve of EFS (as
> per our Auditors) - pity that because its exactly what I'm looking for.
>
> Regards,
> Steve.
>
> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
> news:edZNQI2xFHA.2540@TK2MSFTNGP09.phx.gbl...
> > Just out of curiosity, are you believing that use of EFS cannot
> > acheive one or more of your listed requirements ? (as I did not
> > see one)
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Server : Security)
> > MCDBA, MCSE W2k3+W2k+Nt4
> > "The Poster" <nospam@nospam_dontyoudare.net> wrote in message
> > news:ur33H8AxFHA.2516@TK2MSFTNGP12.phx.gbl...
> > > G/Day forum,
> > >
> > > I'm looking for a File/Folder encryption solution (aside from EFS) for
> my
> > > Windows 2000 based file server. This is based on one of the requirements
> > > of
> > > Visa/MasterCards PCI Data Security Standard -
http://snipurl.com/fhzg .
> > >
> > > To achieve compliancy with PCI DSS, we need to imply the following
> > > controls
> > > on credit card data:
> > >
> > > 1) to encrypt data at a folder level - that is all of the containing
> > > folders
> > > and files
> > > 2) to allow for split knowledge of encryption keys and management
> thereof
> > > 3) to allow for strong encryption support (algorithms like 3DES, AES,
> etc)
> > > 4) a mechanism for automating the encryption process on a daily basis -
> > > this
> > > is coincide with a backup cycle (no clear text credit card files get
> > > backed
> > > up onto tape)
> > >
> > > Your thoughts on any products that suit my requirements?
> > >
> > > Regards,
> > > Steve.
> > >
> > >
> >
> >
>
>
>