Thursday, February 19, 2009

[Security] PCI Compliance SUCKS

Ok, so basically I was going to post something here about PCI (Payment Card Industry Security Standards Council) compliance, but it turned into more of a helpful post providing assistance that apparently isn't out there. You can read that post over on my other site.

The basic gist of it is that becoming PCI compliant in the first place was a task, and staying current with their requirements has proven not to be a difficult thing to DO, just a difficult thing to keep up with. The changes can come swiftly and in bursts, and the companies certified to run PCI compliance scans use commercial scanning products (such as Nessus, which is available for free for home use as well as commercial use without the update feed, or OpenVAS, which is open source much like Nessus was before it went commercial). The problem with this is that the scanners still produce false positives against security measures that are in place... This causes a lot of unneeded stress, to be sure!

Anyways, enough boring crap. Go to my site if you want to read about it or if you need help with your "SSL weak cipher" failures for your PCI compliance.
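Since the false positives mentioned above and the "SSL weak cipher" failures are the two things that cause the stress, here is a small added example (my own illustration, not code from the original post or from any scanner vendor) of how to check your side of the story before the scanner does: expand an OpenSSL cipher string with the local OpenSSL and list which enabled suites a PCI-style weak-cipher check would flag, and optionally run a single handshake restricted to a suspect suite to confirm or refute a finding. The cipher strings, the host and port, and the weak-cipher criteria (under 128 effective bits, NULL/export/RC4/MD5/anonymous suites) are my assumptions, not anything from the post.

```python
"""Audit an OpenSSL cipher-suite string the way a PCI scanner would judge it,
and optionally probe a server to confirm or refute a 'weak cipher' finding.
Added example; the thresholds and name markers below are assumptions."""
import socket
import ssl
from typing import Any, Dict, List, Optional, Tuple

# Name fragments that weak-cipher checks typically flag: null encryption,
# export-grade suites, RC4, MD5 MACs, and anonymous (unauthenticated) key exchange.
WEAK_NAME_MARKERS = ("NULL", "EXP", "RC4", "MD5", "ADH", "AECDH")
MIN_STRENGTH_BITS = 128  # assumed floor for effective symmetric key strength


def classify_cipher(info: Dict[str, Any]) -> Optional[str]:
    """Return why a suite would be flagged as weak, or None if it passes.

    `info` has the shape returned by ssl.SSLContext.get_ciphers(): at least
    'name' and 'strength_bits'; 'digest' is consulted when present.
    """
    name = str(info["name"])
    bits = int(info.get("strength_bits", 0))
    if bits < MIN_STRENGTH_BITS:
        return f"{name}: only {bits} effective key bits"
    if info.get("digest") == "MD5":
        return f"{name}: MD5 MAC"
    for marker in WEAK_NAME_MARKERS:
        if marker in name:
            return f"{name}: contains {marker}"
    return None


def audit_cipher_spec(spec: str) -> List[Tuple[str, str]]:
    """Expand an OpenSSL cipher string with the local OpenSSL and return the
    (name, reason) pairs for every enabled suite a weak-cipher check would flag.

    Raises ValueError if the local OpenSSL cannot satisfy the spec at all
    (e.g. every suite in it has been compiled out), which is itself useful:
    a current library will not even offer such suites.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError as exc:
        raise ValueError(f"no usable cipher suites in {spec!r}: {exc}") from exc
    flagged: List[Tuple[str, str]] = []
    for info in ctx.get_ciphers():
        reason = classify_cipher(info)
        if reason is not None:
            flagged.append((info["name"], reason))
    return flagged


def server_accepts(host: str, port: int, cipher_spec: str, timeout: float = 5.0) -> bool:
    """Attempt one TLS handshake limited to `cipher_spec` (TLS 1.2 and below;
    TLS 1.3 suites are not governed by set_ciphers, so 1.3 is capped off).

    True means the server really negotiated a suite from that spec, which
    confirms a scanner finding; False means it refused, which points at a
    false positive (or a banner-based guess) that you can dispute with evidence.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # we are probing the cipher list, not identity
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(cipher_spec)
    except ssl.SSLError:
        return False  # local OpenSSL cannot offer these suites at all
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher() is not None
    except (ssl.SSLError, OSError):
        return False


if __name__ == "__main__":
    # Constructed specs: a permissive catch-all versus a hardened string.
    for spec in ("ALL:!aNULL", "HIGH:!aNULL:!MD5:!RC4:!3DES"):
        try:
            flagged = audit_cipher_spec(spec)
        except ValueError as exc:
            print(f"{spec}: {exc}")
            continue
        print(f"{spec}: {len(flagged)} suite(s) flagged")
        for _, reason in flagged:
            print("   ", reason)
```

Run the audit against the exact cipher string in your web server config before the quarterly scan; if the scanner still reports a suite the audit did not list, `server_accepts` against your own host with that suite's name as the spec tells you whether the server actually negotiates it or the finding is one of the false positives the post complains about.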

Take care,
B