cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PCI-DSS | Security - Impacting System | out-of-band management | in-scope,out-of-scope

Highlighted
New here

PCI-DSS | Security - Impacting System | out-of-band management | in-scope,out-of-scope

Hi i'm asking because of the topic PCI-DSS in-scope/out-of-scope for PCI-DSS 3.2.1.

 

Meraki itself is already certified right? But what happens with the admin-workstations connecting to the Meraki Dashboard? I think there are in-scope because there are Security - Impacting System arent they?

Do they need to be audited as-well?

 

Thanks in advance & Best Regards!

2 REPLIES 2
Highlighted
Kind of a big deal

Re: PCI-DSS | Security - Impacting System | out-of-band management | in-scope,out-of-scope

Lots of useful info here https://documentation.meraki.com/MR/Other_Topics/PCI_Compliance_with_Meraki

 

I don't believe Meraki gets certified as much as it is making sure your configuration is PCI compliant.  PCI doesn't operate like FIPS. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Highlighted
New here

Re: PCI-DSS | Security - Impacting System | out-of-band management | in-scope,out-of-scope

Hi, i have already read those documents. Meraki is already PCI 3.2 audited/certified/compliant as written in your document. You/we do need the Attestation of Compliance if i want to use Meraki (for the Cloud/Dashboard etc) and get my environment PCI-compliant.

 

So, my question is still open, the document you linking to is nice, but only way to generic.

 

Thanks in advance

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.