RE: nessus to PCI

From: cdewitt@indepthsec.com
Date: Wed Jun 22 2005 - 16:50:07 EDT

• Next message: ofir@sys-security.com: "Whitepaper release: Risks of Passive Network Discovery Systems"
• Previous message: Michael Hammer: "Re: nessus to PCI"
• Maybe in reply to: Vic N: "nessus to PCI"
• Next in thread: Vic N: "RE: nessus to PCI"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

IMHO, Firms are certified through MC/Visa, not software. Firms that are
certified to perform PCI assessments use Nessus all the time. It's not
about the software - it's about the analysis.

cd...

-----Original Message-----
From: Mr Wizard [mailto:security.research.2005@gmail.com]
Sent: Wednesday, June 22, 2005 12:55 PM
To: pen-test@securityfocus.com
Subject: Re: nessus to PCI

Unless you can get the Nessus Open Source Vulnerability Scanner
project team to certify Nessus with the Visa & MasterCard PCI program,
I would not advise using this tool for client engagements.

Mr. Wizard.

On 6/22/05, Vic N <vic778@hotmail.com> wrote:
> Can you be more specific? Is this PCI 1.0? And are you talking about
a
> specific section like section 1 or other sections?
>
> >Has anyone had any luck mapping nessus results to the Payment Card
Industry
> >(PCI) Data Security standard?
>
>
>

-- 
I know because I must know...

• Next message: ofir@sys-security.com: "Whitepaper release: Risks of Passive Network Discovery Systems"
• Previous message: Michael Hammer: "Re: nessus to PCI"
• Maybe in reply to: Vic N: "nessus to PCI"
• Next in thread: Vic N: "RE: nessus to PCI"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:28 EDT