PCI DSS requirement 2.2.1.a says “describe how system configurations verified that only one primary function per server is implemented.”
The PCI DSS compliance model depends on risk assessment and mitigation. Several places in the Report on Compliance (ROC) that a QSA compiles have questions about when the Risk Assessment, and its corollary, the Incident Response Plan, were last
At a client site recently I was watching a customer service rep as she performed her duties during a PCI DSS interview, and noticed that when she went to add a new payment method, a whole list of saved card numbers (redacted) showed up in the PAN
The case of the Marriott hack is, at once, an alarming prospect for the chain’s previous guests and an invaluable case study for any ...