Big Changes in Store for PCI DSS v4.0, and More!

September 20, 2019

This week I attended the PCI North American Community Meeting. If you are in the payment security space and haven’t been to a community meeting, I would recommend that you put this on your conference schedule. It’s great to connect with like-minded individuals, including card brands, banks, large customers, vendors, and yes, assessors – both internal (ISAs)…

PCI Requirements 101

September 12, 2019

Having completed several PCI-DSS (Payment Card Industry – Data Security Standard) Reports on Compliance (RoCs) over the past couple of years, I have noticed a consistent pattern in the items needed for the 12 requirements. I have found that there are three basic components to most, if not all, PCI requirements: Documentation (Policies, Standards, and…

How to Reduce PCI Compliance Anxiety

January 8, 2019

What type of emotions are created in you when you hear the term ‘PCI?’ Anxiety? Possibly fear? For some, it may be disgust. Most favorably, some may feel a sense of confidence or enthusiasm. Ok, I agree that enthusiasm is rarely listed as an emotion felt when hearing the term ‘PCI,’ although there may be someone…

PCI v3.2.1 is here!

May 18, 2018

Version 3.2.1 of the PCI DSS was just released by the PCI Security Standards Council (PCI-SSC). As a minor version, it primarily included clarification updates and one correction to a requirement reference. Most of the changes center around the removal of the January 31st date, which expired this year. Appendix A2.1-A2.3 was updated to focus…

How to Choose a PCI QSA

February 12, 2018

As of writing this article, there are currently 378 PCI QSA Companies worldwide that are certified by the PCI Council. That is quite a selection from which to narrow your choices. So what qualities do you look for in a company to partner with? What attributes do you base that choice on? Throughout this blog, we are going…

New PCI Controls and What You Should Know

February 7, 2018

It is finally here: the forward-dated controls that have been in existence since the release of version 3.2 of the PCI Data Security Standard, from April 2016. Hopefully, by now, you have had a chance to review them, but if you haven’t, we are going to take a deep dive on each of the new…

PCI Inventory List of Assets

August 8, 2017

The Payment Card Industry Data Security Standard (PCI DSS) requires that an inventory of system components (PCI Req. 2.4: Complete Inventory List) is maintained. This has been a requirement as of PCI DSS 3.0. Good governance would suggest that maintaining these documents is part of the process of onboarding and offboarding applications, systems, etc. Maintaining…

What’s new with PCI DSS 3.1?

May 15, 2015

We spend a lot of time dealing with the Payment Card Industry (PCI) Data Security Standard (DSS). This should come as no surprise, as for better or for worse, a lot of organizational security programs revolve around compliance with the PCI DSS. For those of you who aren’t PCI Qualified Security Assessors (QSAs), know that…
