Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PCI Compliance for ASP.NET in Azure Unattainable

Status
Not open for further replies.

KnowItAllmost

Programmer
Apr 3, 2009
23
US
I am once again going through the hoops of getting one of my customer's sites certified for PCI compliance. I have been doing this for many years, and it keeps getting harder and harder, but since we moved the web site to an Azure cloud App, it is impossible.

I can address most issues, and have been able to skirt the requirement that the servers not have TLS1.0 enabled for a few years, but it is getting harder.

Now, we are failing the PCI scan because the scan results insist that our Azure website is running on Windows Vista, and they also insist that we are also running on Windows Server 2003. This contradiction does not seem to faze anyone at the PCI scan company.

I have asked Microsoft and responded to the finding indicating that Microsoft has assured us that the Windows Azure platform does NOT run on Windows Vista and/or Windows Server 2003.

Their response? "Prove it!"

So, How do I prove to the PCI compliance people that Windows Azure does not run on a mix of Windows Vista and Windows Server 2003? Any ideas?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top