What restrictions, if any, exist over source code repository management under PCI-DSS?
-
12-11-2019 - |
Question
What restrictions, if any, exist over source code repository management under PCI-DSS?
The company I work at wants to develop a credit card processing service for clients hosted under our network. At the moment we're using SVN for version control. It's secured so that only the developers who need checkout/commit access have it. Meanwhile I was planning on moving from SVN to HG. However, the security team has expressed reservations about using a distributed SCM tool due to lack of access control on remote clones. Specifically, they claim this would violate PCI-DSS compliance. Does it?
No correct solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow