KnowItAllmost
Programmer
I am once again going through the hoops of getting one of my customer's sites certified for PCI compliance. I have been doing this for many years, and it keeps getting harder and harder, but since we moved the web site to an Azure cloud App, it is impossible.
I can address most issues, and have been able to skirt the requirement that the servers not have TLS1.0 enabled for a few years, but it is getting harder.
Now, we are failing the PCI scan because the scan results insist that our Azure website is running on Windows Vista, and they also insist that we are also running on Windows Server 2003. This contradiction does not seem to faze anyone at the PCI scan company.
I have asked Microsoft and responded to the finding indicating that Microsoft has assured us that the Windows Azure platform does NOT run on Windows Vista and/or Windows Server 2003.
Their response? "Prove it!"
So, How do I prove to the PCI compliance people that Windows Azure does not run on a mix of Windows Vista and Windows Server 2003? Any ideas?
I can address most issues, and have been able to skirt the requirement that the servers not have TLS1.0 enabled for a few years, but it is getting harder.
Now, we are failing the PCI scan because the scan results insist that our Azure website is running on Windows Vista, and they also insist that we are also running on Windows Server 2003. This contradiction does not seem to faze anyone at the PCI scan company.
I have asked Microsoft and responded to the finding indicating that Microsoft has assured us that the Windows Azure platform does NOT run on Windows Vista and/or Windows Server 2003.
Their response? "Prove it!"
So, How do I prove to the PCI compliance people that Windows Azure does not run on a mix of Windows Vista and Windows Server 2003? Any ideas?