PCI DSS VPN issues
Received an interesting message from an end user the other day...
We are a large website that deals with a user's credit card data and therefore must be PCI (Payment Card Industry) compliant. Some of our workstations are running Windows 2008 Server 64-bit which the Cisco VPN client doesn't support. However, your NCP VPN client does!
Our own network administrators have informed us that using another client against our Cisco VPN server would violate PCI compliance. I'm not sure if this is the actual picture or just a part of the picture.
Do you have any knowledge of why our scenario would violate PCI compliance?
Can anyone help us understand PCI compliance stipulations around VPNs? Is there something in there about using different vendors for client and server?