PCI Question Related to ISC Bind Backport
We recently had to change PCI compliance providers. We've always scanned as compliant. With the new providers first scan, they provided a list of violations all related to Bind that violated PCI compliancy. I had indicated that it was backported and provided the text from the changelog to prove so. They just had one question for me that I don't know how to answer:
Are you getting that backported software and patches for ISC BIND from RedHat?
PS: We are using CloudLinux release 7.9 (Boris Yegorov) in a Cent OS 7 environment and cPanel Version 110.0.14.
Kindly let me know what the correct response is.
Thanks!
-
Hey there! I think the best answer would be "yes, but in a roundabout way." You aren't using anything directly from RedHat, but CloudLinux 7 is build on the RedHat/CentOS system. That honestly seems like a silly question to ask, in my opinion, as they should be aware of your operating system and the package details from that changelog output you provided. 0 -
Hey there! I think the best answer would be "yes, but in a roundabout way." You aren't using anything directly from RedHat, but CloudLinux 7 is build on the RedHat/CentOS system. That honestly seems like a silly question to ask, in my opinion, as they should be aware of your operating system and the package details from that changelog output you provided.
Thanks! They escalated it for review. We'll see what happens...0 -
Let me know! There isn't much we can do on our end, but I'm interested to see what they end up saying. 0
Please sign in to leave a comment.
Comments
3 comments