May 21 2008
How are you meeting PCI Requirement 6.6?
The deadline for meeting requirement 6.6 of the PCI-DSS is quickly coming up: June 30th, as a matter of fact. So how is your business meeting this requirement? Do me a favor and take this quick poll to let me know what you’re up to; it’s as completely anonymous as anything on the Internet can be, but I’m curious how people and companies are taking this requirement. Something to remember: whether you’re a Level 1 merchant or a Level 4 ‘mom and pop’ store, you’re still responsible for meeting this requirement.
For more information on meeting PCI 6.6, read the PCI Security Council guidance here.
Edit: I’m just having a bad day and the poll doesn’t seem to be working. I’ll try again when I have the time to deal with it. Please leave a comment instead of taking the poll.
We’ve been using NetScaler/Teros for a while now. It’s a beast of a box and a Swiss Army knife for most PCI requirements.
Technically the ‘deadline’ for compliance is set by the ASV and is not the same as this June 30th date. This date is to say that if you are submitting a questionnaire for compliance after June 30th, you either have to have code scanning/review built into your SDLC, or need to have an application firewall in place.