The PCI DSS is comprised of over 200 specific requirements, including technical, administrative and policy controls; for this reason, the first consideration when approaching PCI compliance is determining exactly which parts of the environment have to be included within the PCI compliance scope and which do not, based upon the scoping rules provided by the […]
On June 29, 2011 the PCI Security Council released a checklist outlining the types of payment applications that are eligible for PA-DSS validation:
The PCI Security Standards Council recently released new supplemental guidance (PDF) regarding PCI compliance considerations for the use of virtualization technologies.
The PCI Security Standards Council has released the new PCI DSS Quick Reference Guide, updated for the new version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS).
One of the topics our team of QSA’s gets asked frequently is about what kind of language should be in PCI Service Provider contracts to meet the intent of PCI DSS requirement 12.8.2, which is as follows:
The PCI Council has published new guidance for Call Centers handling credit cards via telephone, especially when VoIP is used, and also addresses issues surrounding the storage of recorded calls.
QSA stands for Qualified Security Assessor, and they are certified by the PCI Security Standards Council. QSAs are tasked with providing guidance and validation to the DSS. QSAs are special in that they have been certified for their knowledge and ability to advise on the PCI DSS specifically. There are roughly 800 QSA individuals in North America […]
A quick note about PCI DSS compliance and scanning vs. penetration testing and PCI DSS 11.2 and 11.3. Often (too often) when I’m talking with organizations about their PCI compliance, they respond that they’re already compliant and they already have someone doing their quarterly scanning for them. That’s great, I say! Then I ask about […]
PCI DSS v2.0 has been released. So what now? Summary of Changes:
Common Misconceptions About PCI DSS Self-Assessment Questionnaires (SAQs). Is your organization PCI compliant? Are you sure?