From: Dan Tesch (dan.tesch@comcast.net)
Date: Wed Jun 22 2005 - 18:00:22 EDT
Even if Nessus was certified, MC/Visa have a Qualified Security Assessors
list that I believe you must choose from
as of 12/20/04 it was at
https://sdp.mastercardintl.com/vendors/vendor_list.shtml - you could use
Nessus for preliminary
scans though and I think that some of the "Qualified Assessors" may use
Nessus as I have seen things that suggest it
in logs.
Unless you can get the Nessus Open Source Vulnerability Scanner project team
to certify Nessus with the Visa & MasterCard PCI program, I would not advise
using this tool for client engagements.
Mr. Wizard.
On 6/22/05, Vic N <vic778@hotmail.com> wrote:
> Can you be more specific? Is this PCI 1.0? And are you talking about
> a specific section like section 1 or other sections?
>
> >Has anyone had any luck mapping nessus results to the Payment Card
> >Industry
> >(PCI) Data Security standard?
>
>
>
-- I know because I must know...
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:28 EDT