We hit half-million: The Cidr Report

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Apr 30 16:30:51 UTC 2014

On Wed, 30 Apr 2014 15:40:43 -0000, Jamie Bowden said:

> You're not funny.  And if you're not joking, you're wrong.  We just went over
> this on this very list two weeks ago.

And in that discussion, we ascertained that what the PCI standard actually
says, and what you need to do in order to get unclued boneheaded auditors to
sign the piece of paper, are two very different things.

Yes, the PCI standard gives a list of 4 options and then continues on to
say that other creative solutions are acceptable as well.  But if you
discover mid-engagement that your auditor *thinks* it says "Thou shalt NAT",
you have a problem.

Anybody got recommendations on how to make sure the company you engage
for the audit ends up sending you critters that actually have a clue? (Not
necessarily PCI, but in general)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140430/47e7768a/attachment.sig>

More information about the NANOG mailing list