Are DiscountASP.NET's servers PCI compliant?
PCI compliance is only partially related to server security. The larger part of compliance rests on how you handle and protect data. Since that aspect is dependent on the site owner, strictly speaking, it cannot be said that a server itself is or is not PCI compliant.
Generally speaking, however, our IIS 7 servers are PCI compliant (though we may have to make some changes to the typical default IIS configuration to accommodate the PCI scan; please contact technical support for details). If your account is on an older IIS 6 server and your site requires PCI compliance, please see below for information regarding migrating your site to an IIS 7 server.
Does DiscountASP.NET offer PCI Certification Service?
Through a partnership with McAfee we can offer our customers a substantial discount on McAfee Secure™ PCI certification service. The service includes initial PCI certification, regular vulnerability scans of your web site and the ability to display the McAfee Secure™ trustmark. For details and a link to sign up, see the Marketplace page in Control Panel.
Can you help me meet PCI compliance requirements?
Due to the different methodologies employed by various PCI certification companies, there are inherent difficulties in obtaining PCI compliance for a site on any shared hosting platform. You may be able to work with the company doing the testing to bypass some requirements, but DiscountASP.NET cannot assist you in completing a PCI Self-assessment Questionnaire, nor can we make any configuration changes to our web servers to satisfy a PCI requirement.
Vulnerability scans done by a third party may highlight certain issues that they consider security "failures," but that in all likelihood are necessary aspects of shared hosting (certain open ports, etc.).
Again, it may be possible to work around certain requirements (we do have customers who have done so), but unfortunately it is not an issue that we can assist our customers with. We recommend the McAfee Secure™ PCI certification service mentioned above, as they have provided service to many of our customers and we know that our servers meet their requirements.
Migrating from IIS 6 to IIS 7 for PCI compliance
Due to changes in PCI compliance requirements and some inherent limitations of the IIS 6 platform, it has become impossible to pass the scan for compliance when a site is running on IIS 6. Unfortunately, if your site requires PCI compliance you must move it to an IIS 7 server.
We can perform the actual migration of your site to one of our Windows 2008/IIS 7 servers. Migration includes moving your files, updating DNS, etc., but any configuration (directories set as application root, etc.) will not carry over, so you should assume that some adjustments will have to be made post-migration.
Most ASP applications should work on both IIS 6 and IIS 7. But it is important to note that some ASP.NET applications may require modifications before they will work properly on IIS 7.
If you have NOT tested your current site in Windows 2008/IIS 7 we do not recommend migration until you have had a chance to test the effects of the migration.
If you wish to proceed, please visit this Control Panel page to begin the migration.

Article ID: 319, Created On: 11/20/2008, Modified: 10/14/2011