On May 14, 2008, at 4:08 AM, pete.hill (at) sit-up (dot) tv [email concealed] wrote:
> Hi there,
>
>
> I am currently running through a PCI program at my company and am
> looking for recommendations on an email encryption tool.
>
>
> We currently use a licensed version of Winzip, but I have heard that
> this may not be up to job as far as passing a PCI DSS audit is
> concerned.
Email encryption wouldn't generally be in scope for a PCI audit unless
you're emailing credit card info. In general your best bet would be
to avoid this.
If you do need email encryption s/mime or PGP are generally the way to
go.
>
> Is Winzip good enough? and if not, what should we be using to get a
> pass on this?
It sounds like you are actually looking for file encryption, but the
files maybe transported via email as well. PGP offers file encryption
as well.
> Hi there,
>
>
> I am currently running through a PCI program at my company and am
> looking for recommendations on an email encryption tool.
>
>
> We currently use a licensed version of Winzip, but I have heard that
> this may not be up to job as far as passing a PCI DSS audit is
> concerned.
Email encryption wouldn't generally be in scope for a PCI audit unless
you're emailing credit card info. In general your best bet would be
to avoid this.
If you do need email encryption s/mime or PGP are generally the way to
go.
>
> Is Winzip good enough? and if not, what should we be using to get a
> pass on this?
It sounds like you are actually looking for file encryption, but the
files maybe transported via email as well. PGP offers file encryption
as well.
[ reply ]