  1. #1
    SitePoint Enthusiast
    Join Date
    May 2009
    Posts
    25

    VPS Hosting-PCI Compliant?

    I know the deadline is coming up to become PCI Compliant and I currently use Shared Hosting and I know it's not PCI Compliant. I have heard the best way to be PCI Compliant is to change to Dedicated Hosting. I am looking at several options that are VPS Hosting though. Would these be PCI Compliant?

  2. #2
    Dan Grossman
    Join Date
    Aug 2000
    Location
    Philadelphia, PA
    Posts
    20,580
    Your choice of hosting cannot make you PCI compliant; it only allows you to meet some of the requirements to become compliant. Given you are not hosting your own servers in your own data center, if you accept any cardholder data through your website, you'll need to choose a host that meets all of the physical access-related requirements from video cameras to limiting and logging access to the building the servers are in, etc.

    There are 209 separate requirements you have to meet. I suggest you read through them first before planning your environment.

    https://www.pcisecuritystandards.org.../pci_dss.shtml

  3. #3
    SitePoint Member
    Join Date
    Jan 2010
    Posts
    12
    What Dan says is spot on.

    Also cross-check potential hosts on senderbase, ordb, etc. - if they've failed to nuke spammers, had Tor nodes running, or open HTTP proxies in their IP space, don't expect them to know how to set up anything secure enough to comply with PCI!

