Solved

Wireless networks & PCI

Posted on 2014-07-29
1
183 Views
Last Modified: 2014-11-26
We are currently going through a PCI compliance project and I wanted to know IF our wireless network was IN-SCOPE. The PCI standard says that wireless systems connected to the CDE environment are in-scope; however, the wireless network in our environment would only have HTTPS access to the web server in the CDE -- the same access as someone from the Internet. Having said that, is our wireless network IN-SCOPE? Why or why not? Thanks in advance!
0
Comment
Question by:nsgguy245
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 2

Accepted Solution

by:
dshin10 earned 500 total points
ID: 40227000
Take a look at this:

https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guidelines.pdf

Page 5,6,7

If the wireless access point is wired to the inscope CDE environment, then those wireless clients are inscope, if the wireless access point is not wired to the inscope CDE environment but has logical access through TCP/IP to the inscope CDE environment, then it is not PCI compliant.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange in house vs office 365 for security 6 70
Red Hat Satellite report generator 4 46
firewall log 4 59
Antivirus software for Exchange Mail servers 13 78
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
A hard and fast method for reducing Active Directory Administrators members.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question