
How to handle EOL or obsolete software with regards to PCI?

Question asked by Robert Barrow on Mar 15, 2017

Hi, I have a customer who is running an EOL version of a CMS. The CMS in question has been heavily customised and so can't be simply upgraded to the next clean version.


My question is how do I handle that for PCI compliance. I understand that EOL software is an instant fail, but in this case the software has been heavily modified. How would I go about making a case for it with regards to PCI compliance?


I have already asked for evidence that the modifications cover known exploitable issues, etc.


Any help would be greatly appreciated!
