PCI DSS 1.2 - Anti-virus for *all* platforms


As I wrote yesterday on the summary of changes to PCI DSS 1.2 coming October 1st to a city near you.

Requirement 5: Clarified that requirement for use of anti-virus software applies to all operating system types.

I was a little surprised because the prevailing wisdom that only Anti-virus protection applies to Microsoft windows platform really applied for PCI.

While still on the “marathon morning” webinar this morning: Graham Cluley (his blog is here) of Sophos had an excellent and informative presentation “Viruses and Spam in 2008 - A look a the current security landscape and future trends”

Two Items of note related to PCI DSS and Anti-virus:


See: http://www.sophos.com/pressoffice/news/articles/2008/06/machovdyA.html


See: [http://www.sophos.com/pressoffice/news/articles/2008/02/rstbtool.html](http://www.sophos.com/pressoffice/news/articles/2008/02/rstbtool.html


I would say that the risk is low to OSX and Linux, but we are seeing attacks in 2008 on these platforms which does make the PCI DSS 1.2 Anti-Virus requirement clarification more reasonable. Expect to see AV for Linux, Mac and other platforms products being marketed towards the end of this year and 2009 and on.


Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now