Not necessarily - it depends on where SSL is being used that is under the purview of PCI. PCI itself doesn't impose this requirement, but your auditors may. Something else to consider is that disabling SSLv2 will cause client compatibility issues.

Also, unless you're passing or processing PII or related data via your email (silly idea in the extreme), PCI doesn't have any governance there.

Jim

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Bret Hanson
Sent: Saturday, June 19, 2010 9:35 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: ISA - Exchange and PCI Compliance

So is it safe to say SSLv2 and the weak ciphers need to be disabled on the ISA box only?

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Saturday, June 19, 2010 11:21 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA - Exchange and PCI Compliance

..and http://blogs.technet.com/b/isablog/archive/2010/03/24/meet-pci-compliance-with-hyperguard-solution-by-a-forefront-tmg-business-partner.aspx

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Stefaan Pouseele
Sent: Wednesday, June 16, 2010 8:31 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA - Exchange and PCI Compliance

Check out http://blogs.isaserver.org/pouseele/2007/05/19/require-128-bit-encryption-for-https-traffic-with-isa-server-2006-part3/

HTH,
Stefaan

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Bret Hanson
Sent: Wednesday, June 16, 2010 17:23
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] ISA - Exchange and PCI Compliance

We are running ISA 2006 EE publishing Exchange 2007 OWA & Outlook Anywhere. Recently we had a vulnerability scan done by a 3rd party as required by the Pay Card Industry (PCI). The report came back with two problems on the public IP of the mail server.

1. SSLv2 Supported
2. SSL Weak Encryption Algorithms

Researching a solution to this issue has made me even more confused. Some say this needs to be fixed on the ISA box and others say on both. Anyone else dealt with this - can ya help a guy out?

Thanks!
Bret
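
Added example, not part of the thread above and not code from any of its participants: a PowerShell script that reports, and with `-Apply` sets, the Windows Schannel registry values that control SSL 2.0 and low-strength ciphers, which is where both scan findings are configured on a Windows host. The list of ciphers treated as weak is an assumption; run it on whichever server terminates the SSL connection the scanner reached.

```powershell
# Audit (default) or, with -Apply, disable SSL 2.0 and sub-128-bit ciphers in Schannel.
# Run elevated on the Windows host that terminates the scanned HTTPS connection.
param([switch]$Apply)

$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Assumption: "weak" means NULL and anything below 128 bits.
# Match this list to the ciphers named in your own scan report.
$targets = @(
    'Protocols\SSL 2.0\Server',
    'Ciphers\NULL',
    'Ciphers\DES 56/56',
    'Ciphers\RC2 40/128',
    'Ciphers\RC2 56/128',
    'Ciphers\RC4 40/128',
    'Ciphers\RC4 56/128'
)

$hklm = [Microsoft.Win32.Registry]::LocalMachine

foreach ($t in $targets) {
    $path = "$base\$t"
    # Cipher key names contain '/', which the PowerShell registry provider
    # splits as a path separator, so go through the .NET registry API.
    $key = $hklm.OpenSubKey($path, $Apply.IsPresent)
    if ($Apply -and -not $key) { $key = $hklm.CreateSubKey($path) }

    $before = 'not set (OS default applies)'
    if ($key) {
        $value = $key.GetValue('Enabled', $null)
        if ($value -ne $null) {
            if ($value -eq 0) { $before = 'disabled' } else { $before = 'enabled' }
        }
        if ($Apply) {
            $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        }
        $key.Close()
    }

    if ($Apply) { Write-Output "$t : was $before, now disabled" }
    else        { Write-Output "$t : $before" }
}

if ($Apply) { Write-Output 'Restart the server so Schannel loads the new settings.' }
```

Run it without `-Apply` first to record the current state, then re-run the external scan after the restart to confirm both findings are cleared.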