Currently I'm looking into implementing mod_security on all our Apache servers. The installation on CentOS 5.5 comes directly with the "Core Rule Set" by the mod_security devs (curiously, Debian and Ubuntu do not carry these).
They also offer the Enhanced Rule Set for mod_security in a commercial package.
The main point there in their info link is the first point:
"Tracking Credit Card Usage as required by the Payment Card Industry Data Security Standard"
However, according to this wiki article ( http://en.wikipedia.org/wiki/Payment...urity_Standard ), that specific requirement isn't stated anywhere, and my colleague who's working on the PCI-DSS compliance for our code/servers/etc. mentioned that he hasn't heard of this specific requirement either.
So my question would be whether anyone has any experience with their ERS package and whether it's needed for PCI-DSS compliance, compared to the requirements given as bullet points in the wiki article.
Any info is greatly appreciated, thanks.