0

I have bought PCI Compliant Security Policies and Procedures document from pcipolicy. Their written policies are ok.However, document does not help me on procedures. They just give the same suggestions with the https://www.pcisecuritystandards.org/

My question is anyone ever purchase them and how good are they? I am interested in purchasing documents from pcipolicyportal, do you suggest?

4

1 回答 1

0

由从未见过您拥有的系统并且不知道您如何管理系统的人编写的程序除了打勾外不太可能非常有用。此外,虽然该框可能会询问您是否有程序,但如果程序不能反映您如何运行系统,那么可能会被有兴趣的 QSA 拒绝。

您可以考虑在几个月内创建程序文档的方法 - 每次执行任务时,记录您执行的步骤。

PCI 的程序不必采用给定的格式或样式,它们只需要显示足够的信息以使程序(例如,您如何进行系统修补)可以被理解。

于 2012-08-20T10:23:44.280 回答