Need Help Answering PCI Compliance Questions

My credit card processor is requiring their customers to go through a PCI compliance questionnaire and Scan. The questions are pretty basic but I can't find answers for them in the forums or KB.

- Does Discount ASP.net use a firewall that restricts access to the web servers? I'm sure the answer is yes, I just can't find it anywhere.

- Does Discount ASP.net apply security patches (Windows updates) within 30 days of being issued? Can I check up on those patches anywhere?

Any help with these questions would be appreciated!

 

One additional question came up -

Does Discount ASP.net do internal vulnerability scans? (I guess this is opposed to an external internet scan which I have Trustwave doing).

 

Yes, yes and yes. If we didn't do those things we wouldn't qualify to process credit card transactions ourselves.

We do not maintain a public list of server updates, per se (though the outage and maintenance forum should list them all - but I understand those are not usually terribly detailed). We have an internal list of every change made to every server, so if you ever need a specific date for something or to know if something was done, just ask support.

 

I figured as much but I just wanted to be sure so I was answering the questions truthfully.

Thanks for your help; my DiscountASP.NET service continues to be awesome!