The PCI Security Standards Council has released a new information supplement for PCI DSS Risk Assessment Guidelines. Organizations planning and performing a risk assessment in accordance with PCI DSS Requirement 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data.
PCI Special Interest Groups (SIGs) are Council-led groups made up of industry stakeholders that focus on addressing the need for additional guidance and clarifications or improvements to the PCI Standards and supporting programs. PCI DSS Requirement 12.1.2 requires organizations to establish a formal process for identifying threats and vulnerabilities that could negatively impact the security of cardholder data. By performing this risk assessment, businesses are better equipped to determine the appropriate controls for reducing the likelihood and/or the impact of potential threats to their business.