Kaseya Community

Kaseya & PCI compliance

  • Has anyone had experience with Kaseya and PCI compliance? A few of our larger clients are subject to PCI compliance and fall under PCI audit requirements levels 3 & 4, and we are finding some of the language could be interpreted to indicate a traditional Kaseya server/agent MSP model would not be compliant. I'd love to have a brief conversation with anyone who's been through PCI compliance already and is using Kaseya.

    Some of the questions that have come up are:

    Can a traditional shared Kaseya server agent model be used in the "card holder data environment"?

    Is a completely separate Kaseya server needed (to avoid "hosting provider" scrutiny)?

    Requirement 1.2.1 states:
    "Verify that inbound and outbound traffic is limited to that which is necessary for the cardholder data environment, and that the restrictions are documented."
    - Has anyone had to justify to the auditors that Kaseya is “necessary traffic”?

    Legacy Forum Name: Kaseya & PCI compliance,
    Legacy Posted By Username: camorton
  • We use Kaseya in a retail environment with agents installed on point of sale PCs.

    We have monthly PCI-related penetration tests that include some of those machines, along with our Kserver. The tests have not thrown any flags regarding Kaseya, but they did flag when regular RDP was enabled on the workstations.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: pohara