undefined | Better HN

0 points_Codemonkeyism8y ago0 comments

This would definitely help. Although I think SOX (my compliance days are long gone) is mostly concerned about controls to change data, it might be relevant to access production data. Not sure about PCI and HIPAA.

0 comments

2 comments · 1 top-level

Artemis28y ago· 1 in thread

Definitely not good for PCI DSS. Requirement 6.4 reads:

  Examine policies and procedures to verify the following are defined:
  • Development/test environments are separate from production environments with access control in place to enforce separation.
  • A separation of duties between personnel assigned to the development/test environments and those assigned to the production environment.
  • Production data (live PANs) are not used for testing or development.
  • Test data and accounts are removed before a production system becomes active.
  • Change control procedures related to implementing security patches and software modifications are documented.

_CodemonkeyismOP8y ago

Thanks, now I remember from my PCI DSS days.

j / k navigate · click thread line to collapse