PCI DSS compliance
Mike Schleif
mike at mdsresource.net
Wed Nov 9 17:16:09 CET 2016
During our current annual PCI DSS audit, our auditor complains that a human
being can access the company's private key and, thus, a human being can
decrypt sales files containing credit card information.

All production processes are fully automated and run as a non-privileged user.

We use GPG encryption for all file exchanges between this company and
banks, and between vendors/clients and this company. The latter is the
issue.

What can be done about this?

Please advise. Thank you.

~ Mike
More information about the Gnupg-users mailing list