PCI Compliance Help
- Proposals: 5
- Remote
- #1814663
- OPPORTUNITY
- Awarded
Description
Description of requirements/features: Security / PCI Specialist needed.
Our website needs to be PCI Compliant but it has failed a PCI scan with 3 issues:
1. SSL 64-bit Block Size Cipher Suites Supported (SWEET32) 443 / tcp / www
CVE-2016-2183, CVE-2016-6329
2. SSL Medium Strength Cipher Suites Supported 443 / tcp / www
3. MySQL Server Detection 3306 / tcp / mysql
I need these issues to be fixed so the website can pass PCI Compliance.
CMS and Admin requirements: I will provide access to the site and all hosting as required.
Simon H.
Clarification Board
You cannot just "singly" make your website PCI compliant. It is an ever-going process: your employees who operate on the portal need to be compliant, the datacentre where your server is hosted needs PCI DSS compliance, then your network is audited for compliance, and you need a hardware firewall and all.
Then comes the audit of the server on which it is hosted and the software platform you use (ecommerce suite, etc.), and then the code and database have to be compliant.
Then you have to choose your compliance level based on your annual transactions, and the audit needs to be repeated quarterly/annually as per the level you are on.
Why not just use a payment gateway like Stripe/PayPal, put your site on SSL and use them in a secure way so that you don't store any payment info on your site? It is much less hassle and cost.
Just my 2 cents...
Good luck