It depends on what level of PCI compliance you have to reach:
Level 1 - More than six million V/MC transactions annually across all
channels, including e-commerce - Annual Onsite PCI Data Security
Assessment and Quarterly Network Scans
Level 2 - 1,000,000 - 5,999,999 V/MC transactions annually - Annual
Self-Assessment and Quarterly Network Scans
Level 3 - 20,000 - 1,000,000 V/MC e-commerce transactions annually -
Annual Self-Assessment and Quarterly Network Scans
Level 4 - Less than 20,000 V/MC e-commerce transactions annually, and
all merchants across channel up to 1,000,000 VISA transactions annually
- Annual Self-Assessment and Annual Network Scans
Since you seem to be just getting started, I'll assume that you're at one
of the Self-Assessment levels. The main focus will be on documentation
of procedures and defense of necessary services. PCI should give you a
checklist of what you'll need to look at and document. It's a lot more
work for the Windows boys than it is for us.
You can get more info and find some resources here:
http://www.msiinet.com/white-paper/compliance-guide/ (registration
required)
Regards,
Scott Ingvaldson
Senior IBM Support Specialist
Fiserv Midwest
-----Original Message-----
From: Mike Cunningham [mailto:mcunning@xxxxxxx]
Sent: Thursday, January 31, 2008 8:13 PM
To: 'Midrange Systems Technical Discussion'
Subject: PCI-DSS Compliance in an iSeries world
Has anyone on this list had to prove PCI-DSS credit card security
requirements in an iSeries centric business?
Mike Cunningham
CIO
Penn College