PCI DSS compliance

Mike Schleif mike at mdsresource.net
Wed Nov 9 16:08:56 CET 2016


During our current annual PCI DSS audit, our auditor complains that a human
being can access the company's private key and, thus, a human being can
decrypt sales files containing credit card information.

All production processes are fully automated and run as a non-privileged user.

We use GPG encryption for all file exchanges between this company and
banks, and between vendors/clients and this company. The latter is the
issue.

What can be done about this?

Please advise. Thank you.

~ Mike