Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
RE: nessus to PCI
From: Dan Tesch (dan.teschcomcast.net)
Date: Wed Jun 22 2005 - 17:00:22 CDT
Even if Nessus was certified, MC/Visa have a Qualified Security Assessors
list that I believe you must choose from
as of 12/20/04 it was at
https://sdp.mastercardintl.com/vendors/vendor_list.shtml - you could use
Nessus for preliminary
scans though and I think that some of the "Qualified Assessors" may use
Nessus as I have seen things that suggest it
Unless you can get the Nessus Open Source Vulnerability Scanner project team
to certify Nessus with the Visa & MasterCard PCI program, I would not advise
using this tool for client engagements.
On 6/22/05, Vic N <vic778hotmail.com> wrote:
> Can you be more specific? Is this PCI 1.0? And are you talking about
> a specific section like section 1 or other sections?
> >Has anyone had any luck mapping nessus results to the Payment Card
> >(PCI) Data Security standard?
I know because I must know...