{"id":2430,"date":"2013-05-03T00:00:00","date_gmt":"2013-05-03T00:00:00","guid":{"rendered":"http:\/\/otava.test\/pci-ready-not-enough-for-pci-compliance\/"},"modified":"2013-05-03T00:00:00","modified_gmt":"2013-05-03T00:00:00","slug":"pci-ready-not-enough-for-pci-compliance","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/","title":{"rendered":"PCI-Ready? Not Enough for Fully Compliant PCI Hosting"},"content":{"rendered":"

Obscure marketing lingo happens to the best of us, and one of those potentially deceptive terms, when it comes to compliant hosting, is <insert your compliance>-ready. Whether it\u2019s PCI-ready, or HIPAA-ready, it\u2019s a key indicator that the hosting provider using the term is not actually compliant, or that they may not provide all of the technical and managed services needed to help your company meet compliance.<\/p>\n

For example: if your PCI hosting provider<\/a> lists \u2018log monitoring\u2019 as a managed service within your PCI compliant hosting package, it might not actually fulfill the complete requirement. PCI standard 10.3 requires that you:<\/p>\n

\n

Record at least the following audit trail entries for all system components for each event – a whole list of events follow, including user ID, type of event, data and time, success or failure indication, etc.<\/p>\n<\/blockquote>\n

But the requirement 10.6 also requires log review:<\/p>\n

\n

Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion-detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS).<\/p>\n<\/blockquote>\n

Going beyond automated logging, which a PCI-ready hosting provider might offer, is the need for either you or your provider to review and analyze logs daily. This is a time-consuming burden that might be better outsourced if possible – which is possible, as long as you avoid the PCI-ready solutions out there that don\u2019t actually give you everything you need, such as daily log review<\/a>.<\/p>\n

\"Daily<\/p>\n

Offsite backup and disaster recovery are two services often overlooked by those that need to meet PCI compliance, despite the clear requirements for a data backup plan, disaster recovery plan, emergency mode operation plan, testing and revision procedures, and application and data criticality analysis (9.5 and 12.9.1).<\/p>\n

\"PCI<\/p>\n

PCI requirement 9.5 calls for backups to be stored in a secure location and preferably in an offsite location\/facility, or data center. Auditors need to review the physical security of a PCI compliant data center<\/a> to ensure proper authorization, control access and environmental controls are all in place for the highest standards of security.<\/p>\n

Why pay for an incomplete solution and have to fill in the gaps? Don\u2019t settle for PCI-ready, strive for fully PCI compliant with all of the essential managed services, and know which PCI standards your provider can fulfill vs. where you need to pick up the slack.<\/p>\n

This handy chart of PCI compliant services matched with each of the PCI requirements can help you determine what can be solved with a PCI compliant hosting solution:<\/p>\n\n\n\n\n\n\n\n\n\n\n\n
PCI Requirements<\/strong><\/td>\nPCI Compliant Services<\/strong><\/td>\n<\/tr>\n
10.6: <\/strong>Review logs for all system components at least daily.
\n10.3: <\/strong>Record at least the following audit trail entries for all system components for each event – including user ID, type of event, data and time, success or failure indication, etc.
\n10.7: <\/strong>Retain audit trail history for at least one year, with a min. of three months immediately available for analysis (online, archived, or restorable from back-up).<\/td>\n		\"daily-log-review\"<\/a>Daily Log Review<\/strong><\/a>
\nMonitoring and analyzing user and system activity can help detect patterns of normal use and potentially malicious users. Daily log review is the process of regularly reviewing and reporting on log activity.While some providers may offer logging (tracking user activity, transporting and storing log events), Online Tech provides the complete logging experience with daily log review, analysis, and monthly reporting.<\/td>\n<\/tr>\n
10.5.5: <\/strong>Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts.
\n11: <\/strong>Deploy file integrity monitoring tools to alert personnel to unauthorized modification of critical system files, configuration files or content files. Configure the software to perform critical file comparisons at least weekly.<\/td>\n		\"file-integrity-monitoring\"<\/a>File Integrity Monitoring (FIM)<\/strong><\/a>
\nMonitoring your files and systems provides valuable insight into your technical environment and provides an additional layer of data security. File integrity monitoring (FIM) is a service that can monitor any changes made to your files.<\/td>\n<\/tr>\n
6.6: <\/strong>For public-facing web applications, ensure:Verify that public-facing web applications are reviewed (using either manual or automated vulnerability security assessment tools or methods), as follows:<\/p>\n
    \n
  • At least annually and after any changes<\/li>\n
  • By an organization that specializes in application security<\/li>\n
  • That all vulnerabilities are corrected, and the application is re-evaluated after corrections<\/li>\n<\/ul>\n

    Verify that a web-application firewall is in front of public-facing web applications to detect and prevent web-based attacks.<\/td>\n

\"web-application-firewall\"<\/a>Web Application Firewall (WAF)<\/strong><\/a>
\nProtect your web servers and databases from malicious online attacks by investing in a web application firewall (WAF). A network firewall\u2019s open port allows Internet traffic to access your websites, but it can also open up servers to potential application attacks (database commands to delete or extract data are sent through a web application to the backend database) and other malicious attacks.<\/td>\n<\/tr>\n
8.3: <\/strong>Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties.(For example, remote authentication and dial-in service (RADIUS) with tokens; or other technologies that facilitate two-factor authentication.<\/td>\n\"two-factor-authentication\"<\/a>Two-Factor Authentication<\/strong><\/a>
\nOnline Tech offers two-factor authentication for VPN (Virtual Private Network) access as an optimal security measure to protect against online fraud and unauthorized access for clients that connect to their networks from a remote location.\u00a0<\/strong><\/td>\n<\/tr>\n
11.2: <\/strong>Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).<\/td>\n\"vulnerability-scanning\"<\/a>Vulnerability Scanning<\/strong><\/a>
\nVulnerability scanning checks your firewalls, networks and ports. It is a web application that can detect outdated versions of software, web applications that aren\u2019t securely coded, or misconfigured networks.<\/td>\n<\/tr>\n
6.1: <\/strong>Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Install critical security patches within one month of release.<\/td>\n\"patch-management\"<\/a>Patch Management<\/strong><\/a>
\nWhy is patch management so important? If your servers aren\u2019t updated and managed properly, your data and applications are left vulnerable to hackers, identity thieves and other malicious attacks against your systems.<\/td>\n<\/tr>\n
5.1: <\/strong>Deploy anti-virus software on all
\nsystems commonly affected by malicious
\nsoftware (particularly personal computers
\nand servers).
\n5.2: <\/strong>Ensure that all anti-virus mechanisms are current, actively running, and generating audit logs.<\/td>\n		\"anti-virus\"<\/a>Antivirus<\/strong><\/a>
\nAntivirus software can detect and remove malware in order to protect your data from malicious attacks. Significantly reduce your risks of data theft or unauthorized access by investing in a simple and effective solution for optimal server protection.<\/td>\n<\/tr>\n
4.1: <\/strong>Use strong cryptography and security protocols (for example, SSL\/TLS, IPSEC,SSH, etc.) to safeguard sensitive cardholder data during transmission over open, public networks.<\/td>\n\"ssl-certificate\"<\/a>SSL Certificate<\/strong><\/a>
\nIn order to safely transmit information online, a SSL (Secure Sockets Layer) certificate provides the encryption of sensitive data, including financial and healthcare. A SSL certificate verifies the identity of a website, allowing web browsers to display a secure website.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

References:
\nPayment Card Industry Data Security Standard, Requirements and Security Assessment Procedures, Version 2.0<\/a> (PDF)<\/p>\n

Other PCI DSS resources:
\nPCI Compliant Hosting FAQ<\/a>
\nFour Ways to Gain Transparency with PCI Hosting Providers<\/a>
\nPCI Compliant Hosting White Paper<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Obscure marketing lingo happens to the best of us, and one of those potentially deceptive terms, when it comes to compliant hosting, is <insert your compliance>-ready. Whether it\u2019s PCI-ready, or HIPAA-ready, it\u2019s a key indicator that the hosting provider using the term is not actually compliant, or that they may not provide all of the technical and managed services needed to help your company meet compliance. For example: if your PCI hosting provider lists \u2018log monitoring\u2019 as a managed service within your PCI compliant hosting package, it might not actually fulfill the complete requirement. PCI standard 10.3 requires that you: Record at least the following audit trail entries for all system components for each event – a whole list of events follow, including user ID, type of event, data and time, success or failure indication, etc. But the requirement 10.6 also requires log review: Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion-detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS). Going beyond automated logging, which a PCI-ready hosting provider might offer, is the need for either you or your provider to review…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2430","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nPCI-Ready? Not Enough for Fully Compliant PCI Hosting | OTAVA<\/title>\n<meta name=\"description\" content=\"To be fully compliant in PCI you'll need to be ready on all fronts including backkups, daily log reviews, file integrity monitoring...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PCI-Ready? Not Enough for Fully Compliant PCI Hosting\" \/>\n<meta property=\"og:description\" content=\"To be fully compliant in PCI you'll need to be ready on all fronts including backkups, daily log reviews, file integrity monitoring...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-05-03T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/dailylogreview.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"PCI-Ready? Not Enough for Fully Compliant PCI Hosting\",\"datePublished\":\"2013-05-03T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/\"},\"wordCount\":1166,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/dailylogreview.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/\",\"url\":\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/\",\"name\":\"PCI-Ready? Not Enough for Fully Compliant PCI Hosting | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/dailylogreview.png\",\"datePublished\":\"2013-05-03T00:00:00+00:00\",\"description\":\"To be fully compliant in PCI you'll need to be ready on all fronts including backkups, daily log reviews, file integrity monitoring...\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#primaryimage\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/dailylogreview.png\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/dailylogreview.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PCI-Ready? Not Enough for Fully Compliant PCI Hosting\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"PCI-Ready? Not Enough for Fully Compliant PCI Hosting | OTAVA","description":"To be fully compliant in PCI you'll need to be ready on all fronts including backkups, daily log reviews, file integrity monitoring...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/","og_locale":"en_US","og_type":"article","og_title":"PCI-Ready? Not Enough for Fully Compliant PCI Hosting","og_description":"To be fully compliant in PCI you'll need to be ready on all fronts including backkups, daily log reviews, file integrity monitoring...","og_url":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/","og_site_name":"OTAVA","article_published_time":"2013-05-03T00:00:00+00:00","og_image":[{"url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/dailylogreview.png","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"PCI-Ready? Not Enough for Fully Compliant PCI Hosting","datePublished":"2013-05-03T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/"},"wordCount":1166,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/dailylogreview.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/","url":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/","name":"PCI-Ready? Not Enough for Fully Compliant PCI Hosting | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/dailylogreview.png","datePublished":"2013-05-03T00:00:00+00:00","description":"To be fully compliant in PCI you'll need to be ready on all fronts including backkups, daily log reviews, file integrity monitoring...","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#primaryimage","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/dailylogreview.png","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/dailylogreview.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/pci-ready-not-enough-for-pci-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"PCI-Ready? Not Enough for Fully Compliant PCI Hosting"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2430"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2430\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2430"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}