Are myASP.NET's servers PCI compliant?
PCI compliance is only partially related to server security. The larger
part of compliance rests on how you handle and protect data. Since that
aspect is dependent on the site owner, it cannot be said that a server
itself is or is not PCI compliant.
Can you help me meet PCI compliance requirements?
There are inherent difficulties in obtaining PCI compliance for a site
on any shared hosting platform. You may be able to work with the
company doing the testing to bypass some requirements, but myASP.NET cannot assist you in completing a PCI Self-assessment
Questionnaire, nor can we make any configuration changes to our web
servers to satisfy a PCI requirement.
Vulnerability scans done by a third party may highlight certain issues
that they consider security "failures," but in all likelihood are
necessary aspects of shared hosting (certain open ports, etc.).
In general, PCI compliance is very stringent and is geared toward large
corporate networks with dedicated web, payment and data storage servers
that the company in question has direct control over. It is not geared
toward smaller sites hosted on shared servers.
Again, it may be possible to work around certain requirements (we do
have customers who have done so), but unfortunately it is not an issue
that we can assist our customers with.
Article ID: 1559, Created: February 18, 2014 at 11:10 PM, Modified: February 18, 2014 at 11:14 PM