PCI DSS Compliance for DSS 10.4 and its related controls.
If you need to create an IT Policy which says that “you use a provable instance of UTC(NIST) timescale and you get it from a reliable source”, this is your lucky day… “Certichron offers local instances of precision time services which are synchronized to the NIST UTC Time Scale so that clients who need to
Certichron announces its partnership with Relify Security. Relify is a well established provider of commercial consulting and security review services for banking, credit union and other PCI-DSS type clients as well as other Financial Providers.
PCI DSS 10.4 Compliance Services The PCI DSS 10.4 compliance mandates the use of NTP, the Network Time Protocol for the synchronizing of all of the systems used in commerce within those who the PCI DSS standards effect. Certichron's regionally deployed time-service center's addresses and enables the use of the same source of time across
Overview ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. Impact CVSS Severity (version 2.0): CVSS
CERT Alert for NTP Versions before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled. This directly impacts PCI DSS compliance practices using NTP with OpenSSL and autokey to identify end-nodes in NTP service topologies. CERT 2009-1252