- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- PCI Compliance
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-23-2008 07:07 AM
тАО06-23-2008 07:07 AM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-23-2008 08:03 AM
тАО06-23-2008 08:03 AM
Re: PCI Compliance
The general underpinnings are mostly in the OpenVMS Guide to System Security (available on the OpenVMS www site at http://www.hp.com/go/OpenVMS
I am not aware of an OpenVMS specific checklist for PCI, although the precise checklist should be deriveable from the precise checklist that is being used by your auditors (I am always careful in such situations to use the PRECISE checklist being asked, it does matter).
- Bob Gezelter, http://www.rlgsc.com
Author, "OpenVMS Security", Handbook of Information Security (H.Bidgoli, Ed., Wiley & Sons, 2006)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-23-2008 10:04 AM
тАО06-23-2008 10:04 AM
SolutionAbove and beyond the OpenVMS security manual and the NCSC Class C2 recommendations in the appendix of same cited earlier, some of the accepted security-related evaluation and documentation pointers, and a compliance-testing tool, are referenced here:
http://64.223.189.234/node/43
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-25-2008 09:56 AM
тАО06-25-2008 09:56 AM
Re: PCI Compliance
Can you also point me to an OpenVMS operating system hardening document? I've read the one from Rob McMillan at Queensland, but I want to research what other documents are available.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-25-2008 11:43 AM
тАО06-25-2008 11:43 AM
Re: PCI Compliance
I noticed you are new here, so let me begin with
WELCOME to the VMS forum!
As a Dutchie, I am not really familiar with USA regulation specifics, so I will refrain from comments apart from the general "VMS is by default already more secure than 'more popular' OSes can be made".
But I like to point out
http://forums1.itrc.hp.com/service/forums/helptips.do?#33
for the way to say "Thanks" to the ones you consider have been helpfull to you.
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-25-2008 02:09 PM
тАО06-25-2008 02:09 PM
Re: PCI Compliance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-25-2008 02:34 PM
тАО06-25-2008 02:34 PM
Re: PCI Compliance
This is a really serendipidous post! I JUST went through this same issue. We just passed SAS/70 type II AND PCI audits and I had to prove both TRU-64 and OpenVMS on Alpha were compliant. I have documentation I can probably share with you after a little clean-up and I'm happy to share my experience with you if it could help. Very few PCI auditors have much experience with VMS and at least for me, it took a good bit of handholding and education from me to get over their "bias of ignorance". You can contact me off forum using jack at cybermill dot com
Jack
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-25-2008 07:15 PM
тАО06-25-2008 07:15 PM
Re: PCI Compliance
Here's the link to a tag I've scattered around the site, as well.
64.223.189.234/taxonomy/term/9
As for hardening a system, there's no set and no single answer. A truly secure computer system is an entirely unusable system, after all.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-01-2008 03:09 PM
тАО07-01-2008 03:09 PM
Re: PCI Compliance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-01-2008 11:07 PM
тАО07-01-2008 11:07 PM
Re: PCI Compliance
http://en.wikipedia.org/wiki/PCI_DSS
There already was a question once about scanning all files for card number and other security info.
Wim