Our servers and PCI compliance

The requirements for PCI compliance change frequently, and we keep up with those changes on specific servers. Since the configuration required for strict PCI compliance requires the disabling or removal of many older technologies, we maintain a number of separate "hardened servers" that are PCI compliant.
 
Because many sites still make use of the older technologies that are not allowed on a PCI compliant server, it is not typically possible for a site to achieve PCI compliance on our regular web servers.
 
If you need to be on a PCI compliant server, please let us know and we can arrange to migrate your site to one of our hardened servers.
 
 
Bear in mind that the server configuration is only one part of PCI compliance for a website. Compliance assessment includes a number of things, many of which are related to how your application handles and stores data, who in your organization has access to that data, etc., things that are unrelated to the server itself.
 
So a non-compliant site will fail a PCI scan on an otherwise compliant server. The scanning company will tell you what needs to be fixed should your site fail a scan, and we'll certainly work with you if any of the issues are server related.