PCI (Payment Card Industry) compliance

Are myASP.NET's servers PCI compliant?

PCI compliance is only partially related to server security. The larger part of compliance rests on how you handle and protect data. Since that aspect is dependent on the site owner, it cannot be said that a server itself is or is not PCI compliant.

Can you help me meet PCI compliance requirements?

There are inherent difficulties in obtaining PCI compliance for a site on any shared hosting platform. You may be able to work with the company doing the testing to bypass some requirements, but myASP.NET cannot assist you in completing a PCI Self-assessment Questionnaire, nor can we make any configuration changes to our web servers to satisfy a PCI requirement.

Vulnerability scans done by a third party may highlight certain issues that they consider security "failures," but in all likelihood are necessary aspects of shared hosting (certain open ports, etc.).

In general, PCI compliance is very stringent and is geared toward large corporate networks with dedicated web, payment and data storage servers that the company in question has direct control over. It is not geared toward smaller sites hosted on shared servers.

Again, it may be possible to work around certain requirements (we do have customers who have done so), but unfortunately it is not an issue that we can assist our customers with.