Is my SmartVPS PCI compliant?
Q: Is my VPS with Brownrice PCI compliant?
A: Your Brownrice SmartVPS is PCI Ready. This means that the base VPS, as we spin it up from our template, has been hardened and will pass PCI scans out of the box.
However, this does not mean that your VPS with your website and content on it will pass scans.
-----
Q: If I fail a PCI scan, can Brownrice help me get a passing server scan?
A: If you fail a server scan please contact Brownrice support. Our support staff will make sure you are on the latest PCI Ready template and everything is fully up to date.
From there you can re-scan the site and it will usually pass.
In some cases with custom applications, or depending on the scanner, some additional work might need to be done. In these cases we have additional monthly PCI services available, and once signed up for our monthly vulnerability scan support and server remediation service we'll ensure that you get a passing scan.
This is a monthly service, which means that if your site requires monthly or quarterly scans that we'll maintain your scan compliance for you. If the scanner finds any issues with your website that need attention, we can also work with your developer to help get those issues resolved.
-----
Q: Is there anything else (in addition to passing server scans) that I need to become PCI compliant?
A: Yes. A passing server scan is only one piece of the puzzle when it comes to making your business PCI compliant. Fortunately we have a whole suite of PCI services and are here to assist you with the entire process. Here are the main things that you will need:
- Passing server-side scans (see above)
- Completion of the PCI SAQ (a 180+ question self answered questionnaire) for your business type and payment methods.
- Documentation, including various security policies, employee policies/training, and whatever else your particular SAQ requires.
- A suite of security tools installed on your server, including malware detection (Maldet / ClamAV), rootkit detection (RKhunter), FIM (File Integrity Monitoring), SIEM (Security Information and Event Management), IDS (intrusion detection system), and connection to a central logging server to meet current requirements.
- Maintan a monthly server audit/review, reviewing the output of said security software, as well as a general server/log review to ensure no bad guys have gotten in.
-----
Q: That sounds like a lot, can Brownrice manage this all for me?
A: Yes!, We have an entire suite of monthly PCI services and will handle all of it for you. Pelase contact our support for more information, we'll ask you a series of questions regarding your business, accepted payment methods, and practices and can give you a detailed quote on what it will take to get you compliant.