On Fri, Nov 13, 2009 at 10:59:34AM -0500, Matt McCants wrote:
> Does anyone here have PCI audits being done on their Debian boxes? The
I conduct (and remediate) PCI audits all the time. Your problem seems
political, not technical. PCI requires that systems be patched, not that
they are the latest-and-greatest software revisions.
Any audit process needs room for technical justification. If your boss
is using an audit as an excuse to ditch Debian for Red Hat...well, at
least he isn't trying to migrate you to Xandros.
Any good auditor should be able to provide you with an acceptable
remediation option. If you aren't being told what would remediate
whatever is making them unhappy, then you aren't getting your money's
worth, whether they are inside auditors or outside auditors.
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"