I am looking for a Web Host that is CISP/PCI compliant for Hosting an Informational Web Site - No transactions.
Our CC provider for our office says our host has to be compliant, so we need to get one that is. Our site is just words and pictures and links.
If anyone can provide a Web Host that can pass the security test to the PCI CISP level for a "NON TRANSACTION" web site, please pass on the name. We were told our current Host failed the Security Metrics test.
If the reason is you will be storing credit card data on your website, this is a bad idea and all shared webhosts will fail the security check. Credit Card data needs to be stored behind a firewall with limited access to the data, including limited to what employees have access to it. Your provider should be able to give you the exact details you need.
Did you send the report to your hosting company? They may be able to fix the issue or let you know if it's a false positive. Don't go looking to change hosts over this; it's not a big deal to pass the test. Just give your host a chance to address the issue.
Is there a list of what tests they perform? I'd be willing to let them test our servers. But... I'm sure this has to do with your existing host being a shared hosting company. I'm sure what they're looking for is for you to have a VPS or dedicated server.
I don't know all the tests they perform, but I did copy the failure report. I can send it if that would be any help. It mainly involves using the latest editions of software with the appropriate patches, which I think would allow a shared hosting environment.