Meraki

Community

PCI-DSS | Security - Impacting System | out-of-band management | in-scope,out-of-scope

Axtion
Just browsing
‎Sep 26 2018 8:17 AM
‎Sep 26 2018 8:17 AM

PCI-DSS | Security - Impacting System | out-of-band management | in-scope,out-of-scope

Hi i'm asking because of the topic PCI-DSS in-scope/out-of-scope for PCI-DSS 3.2.1.

 

Meraki itself is already certified right? But what happens with the admin-workstations connecting to the Meraki Dashboard? I think there are in-scope because there are Security - Impacting System arent they?

Do they need to be audited as-well?

 

Thanks in advance & Best Regards!

0 Kudos
2 Replies 2
Adam
Kind of a big deal
‎Sep 26 2018 9:22 AM
‎Sep 26 2018 9:22 AM

Lots of useful info here https://documentation.meraki.com/MR/Other_Topics/PCI_Compliance_with_Meraki

 

I don't believe Meraki gets certified as much as it is making sure your configuration is PCI compliant.  PCI doesn't operate like FIPS. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
Axtion
Just browsing
‎Sep 26 2018 10:40 PM
‎Sep 26 2018 10:40 PM

Hi, i have already read those documents. Meraki is already PCI 3.2 audited/certified/compliant as written in your document. You/we do need the Attestation of Compliance if i want to use Meraki (for the Cloud/Dashboard etc) and get my environment PCI-compliant.

 

So, my question is still open, the document you linking to is nice, but only way to generic.

 

Thanks in advance

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.