From: Burnett, Robert (burnettr@Fortrex.com)
Date: Tue Jun 21 2005 - 14:24:13 EDT
Yes. For the most part, it hasn't been too difficult. Occasionally,
the PCI risk categories can be a little frustrating because there is
some room for interpretation, or there may be a vuln that doesn't seem
to fit exactly into one of the following categories:
Urgent - Trojan Horses, file read and writes exploit, remote command execution
Critical - Potential Trojan Horses, file read exploit
High - Limited exploit of read, directory browsing and denial of service (DoS)
The "Limited exploit of read" phrase is one that can sometimes make it
difficult for me to classify a vuln, but as I said before, it's only
occasionally that I have issues.
Is there a particular finding that you are having difficulty with, or
were you just posing a general question?
-Robert
-----Original Message-----
From: ctodude@yahoo.com [mailto:ctodude@yahoo.com]
Sent: Tuesday, June 21, 2005 11:37 AM
To: pen-test@securityfocus.com
Subject: nessus to PCI
Has anyone had any luck mapping nessus results to the Payment Card
Industry (PCI) Data Security standard?
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:26 EDT