On 4/18/14, 7:04 PM, Jeff Kell wrote:
PCI requirement 1.3.8 pretty much requires RFC1918 addressing of the computers in scope...
It does not 1.3.8 Do not disclose private IP addresses and routing information to unauthorized parties. Note : Methods to obscure IP addressing may include, but are not limited to: Network Address Translation (NAT) Placing servers containing cardholder data behind proxy servers/firewalls or content caches, Removal or filtering of route advertisements for private networks that employ registered addressing, Internal use of RFC1918 address space instead of registered addresses. from version two with further explication https://www.pcisecuritystandards.org/documents/navigating_dss_v20.pdf version 3 https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
has anyone hinted at PCI for IPv6?
If by hinted at you mean deployed in pci compliant environments then yes.
Jeff