I agree, but what choice do you have. The bank charges me an additional £50 on my merchant account if I am not compliant. Nice earner for them!

robertb24 wrote: I agree, but what choice do you have. The bank charges me an additional £50 on my merchant account if I am not compliant. Nice earner for them!

I've been through two PCI audits, and the firm for whom I worked made extensive use of SNMP. SO, you (and your auditor) are mis-understanding the requirements.

Further, you quote the CVE exploits to which your SNMP daemon is susceptible. Disabling SNMP is not the long-term solution. Patching your SNMP daemon (with updates supplied by your OS / network vendor) is the correct way.

I'm sorry to say this, but it seems a significant amount of clue is missing from the OP.

drummerjohn wrote: So true... PCI is the biggest money spinning waste of time I have ever encountered. All leveraged by the banks.

Dare I attempt to defend PCI DSS, but in theory PCI is actually a good attempt by the industry to implement ISO27001 standards on firms. This can only be a good thing.

it's a box ticking exercise.