
How can I configure a PCI-compliant development environment?

Tags:

pci-dss

We need to be PCI compliant for some credit card processing we do. How do people do this in other shops?

How do you secure your SVN?

How do you secure your build server?

How does code get migrated from the developers to production?

Peter asked Jan 22 '23 00:01



2 Answers

Not to detract from the other answer, but the other thing you do is limit the scope of compliance by walling off the systems that see or touch card data from the rest of your IT infrastructure. There should be no need for your SVN server or build server to comply with PCI requirements if there's no way for it to see cardholder data (of course, you must be able to show that this is actually a policy and not just an accident of how the network is set up).

telent answered Jan 24 '23 13:01



This is all the process of PCI compliance.

Take a look at: http://www.keross.com/pci-dss-requirements-version-1.2.html

Typically, you'd hire an external security company who would help you through this process.

-- edit:

That link not lasting for 3 years, as requested I have googled "PCI DSS Compliance" to obtain: https://www.pcisecuritystandards.org/security_standards/index.php

Noon Silk answered Jan 24 '23 14:01
