[AusNOG] Assistance and Access Bill moves to PJCIS
Christian Heinrich
christian.heinrich at cmlh.id.au
Mon Oct 22 13:03:47 EST 2018
Paul,
On Mon, Oct 22, 2018 at 11:32 AM Paul Wilkins <paulwilkins369 at gmail.com> wrote:
> I suppose auditors can qualify any report that mandated TCNs/TANs are excepted, but are you then "PCI Compliant"?
Not possible as this would be separate from the Cardholder Data
Environment (CDE) and the encryption of "data in transit" is PCI-DSS
Requirement 4.1.c.
If the definition of the CDE were to change in the future then a
"warrant canary" would signify this within the "Report on Compliance"
(RoC) or "Self Assessment Questionnaire" (SAQ).
--
Regards,
Christian Heinrich
http://cmlh.id.au/contact
More information about the AusNOG
mailing list