One auditor's perspective on what it means to soundly meet the gray requirements which include firewall rulesets, system hardening, SDLC, penetration testing, service party due diligence, auditing and logging.

Even if NetSPI isn't your auditor, some general guidance on these topics will better prepare you for your next discussion with your QSA.