21 Apr
2014
21 Apr
'14
1:20 p.m.
On Mon, 21 Apr 2014 12:10:31 -0400, Lee Howard said:
"Methods used to meet the intent of this requirement may vary depending on the specific networking technology being used. For example, the controls used to meet this requirement may be different for IPv4 networks than for IPv6 networks." https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
Based on my experience with compliance auditors, they won't understand many of the words in this sentence, and will assume NAT and RFC1918.
So there's the *real* problem in a nutshell. People think we're supposed to hobble our networks with crap design just because the auditors can't get their industry's shit together.