We help IT Professionals succeed at work.

PCI Compliance

webiis
webiis asked
on
1,855 Views
Last Modified: 2013-11-16
What remote access software is PCI Compliant?  VNC/ RDP ?
Comment
Watch Question

Security Samurai
CERTIFIED EXPERT
Top Expert 2006
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Good information MikeHolcomb.

Do you know if outlook RPC over HTTPS is PCI Compliant?
If that is then I will be happy.
I would imageing if it's https you should be able to have web outlook? port 443
Rich RumbleSecurity Samurai
CERTIFIED EXPERT
Top Expert 2006

Commented:
There are no PCI regulations about email or email encryption, it's about protecting Personally Identifiable/Credit Card information using security best practices. Please read the spec sheet I linked to above. If you have credit-card data being sent via email, it should not be plain-text from recipient or to reciever, OWA access is only checking your mail via https, so the emails themselves (as I'm sure you know) are still sent very very plain text. Your original question was about remote access, do you have RDP or VNC open on the outside public IP space? You can, there are ways you can make that PCI compliant, but it's not unless there are some added security measures. PCI isn't a strict rule-book, it allows for compensating controls, so if it's requiring you to have two-factor authentication for VPN users, and you use a whitelist of your users home IP's and only use username/password for VPN, you can still pass PCI because of the compensating control using the whitelist ACL for instance.
-rich

Author

Commented:
good info guys.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.