There are two parts to CISP (PCI-DSS), PABP and PCI. PABP is an application level certification. As Bo stated (albeit slightly modified), PABP is specific to the software and not the operating system. PCI on the other hand, deals with merchant and data center compliancy and here the operating system can make a difference. Win 95/98 can be made PCI compliant but it does add a little more complexity, particularly when dealing with the "applying most recent security patches" section. This is an area where "compensating controls" may have to be used - like a secure gateway and/or third party intrusion detection software.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.