Meraki Community

Axtion · ‎Sep 26 2018

Hi i'm asking because of the topic PCI-DSS in-scope/out-of-scope for PCI-DSS 3.2.1.

Meraki itself is already certified right? But what happens with the admin-workstations connecting to the Meraki Dashboard? I think there are in-scope because there are Security - Impacting System arent they?

Do they need to be audited as-well?

Thanks in advance & Best Regards!

Adam · ‎Sep 26 2018

Lots of useful info here https://documentation.meraki.com/MR/Other_Topics/PCI_Compliance_with_Meraki

I don't believe Meraki gets certified as much as it is making sure your configuration is PCI compliant. PCI doesn't operate like FIPS.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

Axtion · ‎Sep 26 2018

Hi, i have already read those documents. Meraki is already PCI 3.2 audited/certified/compliant as written in your document. You/we do need the Attestation of Compliance if i want to use Meraki (for the Cloud/Dashboard etc) and get my environment PCI-compliant.

So, my question is still open, the document you linking to is nice, but only way to generic.

Thanks in advance

Meraki Community

PCI-DSS | Security - Impacting System | out-of-band management | in-scope,out-of-scope

PCI-DSS | Security - Impacting System | out-of-band management | in-scope,out-of-scope