Tag Archives: PCI Compliance

Security Awareness training is required by PCI DSS

I often write about security awareness training, but it bears repeating periodically. Cyber security awareness training is required by some standards – the PCI DSS is pretty specific about requiring it. Security awareness training for the general employee population on at least an annual basis is a good idea. More technical training for IT or […]

Wireless Checklist for PCI Compliance

While I have typically seen merchants and service providers opt to segment their wireless network from the cardholder data environment to keep it out of PCI compliance scope entirely, sometimes this is not feasible. Here is a quick checklist of what is needed when implementing a wireless network as part of your cardholder data environment […]

PCI Council Changes the Rules for PA-DSS Minor Changes

The PCI Council recently released version 2.0 of the PA-DSS Program Guide, available here, which includes a significant change with regards to the definition of a “minor change” and what it means to Payment Application Vendors. Certain types of changes that would have previously required a complete revalidation of the payment application can now be addressed […]

Reducing the Scope for PCI Compliance

The PCI DSS is made up of over 200 specific requirements, including technical, administrative and policy controls; for this reason, the first consideration when approaching PCI compliance is determining exactly which parts of the environment have to be included within the PCI compliance scope and which do not, based upon the scoping rules provided by the […]