I'd like to make a payment system on AWS, but I'm not sure about scoping because all our system admins can log in to DBs on the VPC via two-factor authentication from "everywhere". From my home, Starbucks, and airports I can access DBs holding credit card numbers.
PCI DSS says the place where card data is handled is the Card Data Environment, and requirements of physical security are applied. The problem is that the places we log in from are not limited...
Do you think there is a way to be compliant for us?
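An added audit check, not part of the question above and not any AWS tool's own code: it walks security-group rules in the shape of `aws ec2 describe-security-groups` output and flags database ports reachable from ranges outside an assumed administrative CIDR. The sample groups, the allowed range 10.20.0.0/24 and the DB port list are constructed values.

```python
"""Flag security-group rules that expose database ports beyond an allowed
administrative range. Runs offline on constructed sample data."""
import ipaddress

# Database listener ports to check (assumption: adjust to your estate).
DB_PORTS = {3306, 5432, 1433, 1521}

# Ranges from which DB administration is meant to originate, e.g. a VPN
# egress or bastion subnet inside the CDE (constructed example value).
ALLOWED_ADMIN_CIDRS = [ipaddress.ip_network("10.20.0.0/24")]


def rule_ports(rule):
    """Return the set of DB-relevant TCP ports an IpPermissions entry covers."""
    proto = rule.get("IpProtocol")
    if proto == "-1":            # "all traffic": every DB port is covered
        return set(DB_PORTS)
    if proto != "tcp":
        return set()
    return set(range(rule["FromPort"], rule["ToPort"] + 1)) & DB_PORTS


def findings_for_group(group):
    """Return (group id, cidr, port) triples for DB ports reachable from
    any IPv4/IPv6 range that is not inside ALLOWED_ADMIN_CIDRS."""
    findings = []
    for rule in group.get("IpPermissions", []):
        hit_ports = sorted(rule_ports(rule))
        if not hit_ports:
            continue
        for ip_range in rule.get("IpRanges", []) + rule.get("Ipv6Ranges", []):
            net = ipaddress.ip_network(ip_range.get("CidrIp") or ip_range["CidrIpv6"])
            allowed = any(net.version == a.version and net.subnet_of(a)
                          for a in ALLOWED_ADMIN_CIDRS)
            if not allowed:
                findings.extend((group["GroupId"], str(net), p) for p in hit_ports)
    return findings


def audit(groups):
    return [f for g in groups for f in findings_for_group(g)]


# Constructed sample in the shape of describe-security-groups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-db-open", "IpPermissions": [{"IpProtocol": "tcp",
        "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db-bastion", "IpPermissions": [{"IpProtocol": "tcp",
        "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.20.0.0/24"}]}]},
    {"GroupId": "sg-web", "IpPermissions": [{"IpProtocol": "tcp",
        "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, cidr, port in audit(SAMPLE_GROUPS):
        print(f"{group_id}: DB port {port} reachable from {cidr}")
```

Only sg-db-open is reported in the sample; the bastion-restricted group and the public HTTPS group pass.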