This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM & Qualys Guard PCI-DSS scan ?

Hi guys,

I have a task of providing the PoC (proof of concept) on replacing TMG with Sophos UTM in a bank that is certified for PCI-DSS compliance.
UTM will be used only with Web Protection and Webserver Protection modules active.

Anyone implemented or using a UTM in that kind of environment ?

This thread was automatically locked due to age.

Parents

0 Ari Maniatis over 10 years ago

Sophos UTM is not PCI-DSS compliant if you enable the RED device support. So you'll want to avoid that.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Ari Maniatis over 10 years ago

Sophos UTM is not PCI-DSS compliant if you enable the RED device support. So you'll want to avoid that.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BrucekConvergent over 10 years ago in reply to Ari Maniatis

Sophos UTM is not PCI-DSS compliant if you enable the RED device support. So you'll want to avoid that.

Incorrect. The issue with the "weak" RED cert was resolved with the release of 9.3xx. by default the certs are 2048 bits in size now. I have fixed this issue for a couple of customers already.

If you have REDs that you have already deployed under an earlier version, there are some steps you have to take to redeploy them to take advantage of this patch; contact your reseller or support for more details.
Cancel
Vote Up 0 Vote Down

Cancel