[BBLISA] PCI compliance and Linux AV, was Re: Desktop policies and UNIX-ish operating systems
seph
seph at directionless.org
Fri Jan 29 13:04:29 EST 2010
Tal Cohen <tcohen at sitespect.com> writes:
> Re-read the PCI DSS 1.2 standard, it only requires the virus scans for
> systems that are commonly prone to vulnerabilities.
This is requirement 5.1. In version 1.1 this had a note saying:
Systems commonly affected by viruses typically do not include
UNIX-based operating systems or mainframes.
That note was removed for version 1.2.
How you interpret that is up to you and your auditors. Mine have a
different conclusion than you.
seph
More information about the bblisa
mailing list