Do Mainframes Get A Pass? standard
When I first started doing PCI DSS work under the then CISP and SDP standards, one of the biggest problems I ran into was what to do with one of those fancy mainframes. In this job, you see ALL manner of mainframes. I’ve seen super shiny, brand new z/OS multiplexes to aging, but functional Tandems to an OS/390 system that literally had no changes performed on it in more than two years. How does anti-virus apply to those again? I recently fielded a question about mainframes, and if they still “get a pass” when it comes to certain requirements like anti-virus (Req 5), and encryption (Req 3.4). As is with most of PCI DSS interpretation questions, it certainly depends on ...
Continue Reading