SAP Short Dumps and PCI Compliance
We've run into an issue with our PCI Compliance audit around being able to see unencrypted credit cards in short dump messages in SAP. Has anyone run into this issue?
Only work around I've got at this point is to restrict all access to short dumps and require many documented signoffs before turning on and off access to a short dump. This is pretty cumbersome, and still leaves a hole in my overall security.
We've managed to purge restricted CC data from our XI logging, and done everything right with encryption, but this short dump issue just doesn't seem to have a solution.
Can anyone help? We're on 6.0.