PCI DSS 1.2 - Anti-virus for *all* platforms

Aug

Posted (db) in General on August-19-2008

As I wrote yesterday on the summary of changes to PCI DSS 1.2 coming October 1st to a city near you.

Requirement 5: Clarified that requirement for use of anti-virus software applies to all operating system types.

I was a little surprised because the prevailing wisdom that only Anti-virus protection applies to Microsoft windows platform really applied for PCI.

While still on the "marathon morning" webinar this morning: Graham Cluley (his blog is here) of Sophos had an excellent and informative presentation "Viruses and Spam in 2008 - A look a the current security landscape and future trends"

Two Items of note related to PCI DSS and Anti-virus:

See: http://www.sophos.com/pressoffice/news/articles/2008/06/machovdyA.html

See: http://www.sophos.com/pressoffice/news/articles/2008/02/rstbtool.html

I would say that the risk is low to OSX and Linux, but we are seeing attacks in 2008 on these platforms which does make the PCI DSS 1.2 Anti-Virus requirement clarification more reasonable. Expect to see AV for Linux, Mac and other platforms products being marketed towards the end of this year and 2009 and on.

Comments:

Auntie AntiVirus on September 23rd, 2008 at 2:29 pm #

Putting Antivirus on a hardened secured high availability Unix system. Such as a database cluster is not a good idea.

About

Recent Posts

Blogroll

Links

Categories

Archives

Meta