Best Practices to keep the server PCI compliant

Nixtree

Hi Guys

I wish to have a discussion about the things we need to take care of to make an entire server PCI compliant, including all services (Exim/Dovecot/Nginx/Apache etc.).

Mainly I wish to have a discussion on the ciphers, and which strong ciphers we should use at the moment to keep a server PCI compliant, so that it will be a help for all others as well. If we use this forum periodically, this thread will become a reference point for all those who need the latest set of details. One thing we need to do is remove all old protocols except TLS1.2 and only use TLS1.2 and higher.

How much care should we take while disabling a protocol or removing one or a set of ciphers from services like Exim/Dovecot etc.?

BenZ-AMS

I too would be interested in this.

Something that we can use to scan all of our servers to see how PCI compliant the web facing software is on the server. And something we can routinely check, so that we can stay on top of server related PCI issues.

Unfortunately, this won't stop someone from storing credit card information in plain text in a text file or database on the server. That's what the PCI survey is for.

But to get an idea of what TLS ciphers may be problematic or things as they relate to the server's well-being, that would be nice to have.

Ideally something free or low cost that can be run every 3 to 6 months for each server to make sure it's staying compliant.
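
Added example, not part of either post: a small Python audit that reads TLS protocol directives from nginx, Apache and Dovecot configuration text and reports which lines still enable anything below TLS 1.2, the floor named in the first post. It covers only the `ssl_protocols`, `SSLProtocol` and `ssl_min_protocol` directives (Exim and cipher lists are out of scope), and the sample lines are constructed.

```python
import re

# Protocols in ascending order; everything before TLSv1.2 counts as legacy.
# Assumption: SSLv2 is left out because current OpenSSL builds no longer ship it.
ORDER = ["sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"]
LEGACY = set(ORDER[:3])
DIRECTIVE = re.compile(
    r"^\s*(ssl_protocols|sslprotocol|ssl_min_protocol)\b\s*=?\s*([^;#]+)", re.I)

def enabled_legacy(line):
    """Return the legacy protocols one config line leaves enabled, oldest first."""
    m = DIRECTIVE.match(line)          # commented-out lines do not match
    if not m:
        return []
    name, tokens = m.group(1).lower(), m.group(2).lower().split()
    if name == "ssl_min_protocol":     # Dovecot 2.3+: a single floor value
        # An unrecognised floor is treated as the worst case (oldest protocol).
        floor = tokens[0] if tokens and tokens[0] in ORDER else ORDER[0]
        return sorted(LEGACY & set(ORDER[ORDER.index(floor):]), key=ORDER.index)
    # nginx lists bare names; Apache uses all/+X/-X; Dovecot 2.2 uses !X.
    # A list that opens with a removal starts from "everything enabled".
    active = set(ORDER) if tokens and tokens[0][0] in "-!" else set()
    for tok in tokens:
        remove = tok[0] in "-!"
        proto = tok.lstrip("+-!")
        group = set(ORDER) if proto == "all" else {proto} & set(ORDER)
        active = active - group if remove else active | group
    return sorted(active & LEGACY, key=ORDER.index)

def audit(config_text):
    """Map line number -> legacy protocols for every offending directive."""
    findings = {}
    for number, line in enumerate(config_text.splitlines(), 1):
        legacy = enabled_legacy(line)
        if legacy:
            findings[number] = legacy
    return findings

# Constructed sample lines, one per directive style (not from a real server).
SAMPLE = """\
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol all -SSLv3
SSLProtocol -all +TLSv1.2
ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1
ssl_min_protocol = TLSv1
"""

if __name__ == "__main__":
    for number, legacy in audit(SAMPLE).items():
        print(f"line {number}: still allows {', '.join(legacy)}")
```

A config check like this only shows what the files request; the protocols a service actually negotiates also depend on the TLS library it was built against.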
 