PCI DSS

What Constitutes a Primary Function for PCI DSS?

PCI DSS requirement 2.2.1.a says “describe how system configurations verified that only one primary function per server is implemented.”


PCI DSS

Timely update of Risk Assessment and Incident Response for PCI DSS

The PCI DSS compliance model depends on risk assessment and mitigation. Several places in the Report on Compliance (ROC), that a QSA compiles, ...


PCI DSS

Watch those Vendor Application Change Release Notes like a Hawk!

At a client site recently I was watching a customer service rep as she performed her duties during a PCI DSS interview, and noticed that when ...


PCI DSS

Due Diligence for PCI DSS Vendor Selection

PCI DSS Requirement 12.8 dictates that any organization involved in payment card processing—including merchants, processors, acquirers, issuers, ...


PCI DSS

PCI DSS - Are Mobile Applications In-scope?

Say you are interested in developing an application that runs on consumers’ devices and this application of yours will be used to accept payment ...


PCI DSS

Your 7 Step PCI Compliance Checklist

The journey towards payment card industry data security standard (PCI DSS) compliance can seem daunting. While there are only a handful of ...


PCI DSS, Security Program

I never touch Cardholder Data. So PCI DSS does not apply to me - Right?

Payment cards have been around a long time, and nefarious schemes to take advantage of them have been around almost as long. Since most people ...


PCI DSS

The Best Ways to Maintain Your Organization's PCI DSS Documentation

Becoming compliant with payment card industry data security standard (PCI DSS) protocols can be a time-consuming process — but it’s a ...


PCI DSS

5 Reasons a Qualified Security Assessor Should Validate Your PCI DSS

For businesses that store, process, and transmit cardholder data, you know that you must comply with the Payment Card Industry Data Security ...


PCI DSS

When does PCI Compliance Start?

The GDPR mantra of security and privacy “by design and by default” reminds us that in every respect of a new product program security and ...
