PA-DSS requirement 12.1 and 12.2
Encrypt non-console administrative access
Maitre’D in itself does not offer any kind of remote access. However, when you install any kind of 3rd party remote access software or web-based solution, you must verify that the communications are fully encrypted using strong cryptography with technologies such as SSH, VPN, or TLS 1.1 or higher for encryption of any non-console administrative access to the Maitre’D application or servers within the cardholder data environment.
Maitre’D does not use any insecure services such as NetBIOS, file sharing, telnet or unencrypted FTP to manage the application.
As described in a previous section, use a software with multi-factor authentication and follow guidelines described in this section to encrypt all non-console administrative access.
Dernière mise à jour