Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 3310 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PCI-DSS Compliance

ShineSystems

Hi.

As part of our customers PCI-DSS audit, we are implementing more rigorous data protection rules. One thing that they would like to do is run a one time scan of all computers running Sophos AV to check that there are no unencrypted credit card numbers being stored (in spreadsheets etc). 

I know that I can create rules to stop data being copied to/from machines and within emails etc but once the rules are configured, do these also apply to scheduled scans?

Thanks


Phil

:51640


This thread was automatically locked due to age.
Parents
  • 0

    Hello Phil,

    Data Control kicks in when static data (i.e. the contents of a file) is about to be transferred written to removable storage (this does not include computer to computer copy) or read by certain applications (this does not prevent e.g. copy/paste). Thus the rules are not applied by a scheduled scan.

    OTOH there's no reason that a scheduled scan couldn't do this other than that it's not implemented. Well, of course :smileyhappy: - but implemented meaning all it has to do is mimicking the call made by the on-access scanner. Here it gets complicated though as different rules might apply to different destinations and ideally the scanner would have to support an anyDestination.

    Haven't found you (if I have guessed your company correctly) in the Sophos Partner list, nevertheless I'd suggest that you contact Sophos directly. I'd be surprised if such a tool wouldn't exist - naturally (I'm neither Sophos nor a partner) I can't say whether such a tool would be made available and if, on what conditions.

    Christian

    :51660
Reply
  • 0

    Hello Phil,

    Data Control kicks in when static data (i.e. the contents of a file) is about to be transferred written to removable storage (this does not include computer to computer copy) or read by certain applications (this does not prevent e.g. copy/paste). Thus the rules are not applied by a scheduled scan.

    OTOH there's no reason that a scheduled scan couldn't do this other than that it's not implemented. Well, of course :smileyhappy: - but implemented meaning all it has to do is mimicking the call made by the on-access scanner. Here it gets complicated though as different rules might apply to different destinations and ideally the scanner would have to support an anyDestination.

    Haven't found you (if I have guessed your company correctly) in the Sophos Partner list, nevertheless I'd suggest that you contact Sophos directly. I'd be surprised if such a tool wouldn't exist - naturally (I'm neither Sophos nor a partner) I can't say whether such a tool would be made available and if, on what conditions.

    Christian

    :51660
Children
No Data