PCI DSS

What Constitutes a Primary Function for PCI DSS?

PCI DSS requirement 2.2.1.a says “describe how system configurations verified that only one primary function per server is implemented.”

PCI DSS

Watch those Vendor Application Change Release Notes like a Hawk!

At a client site recently I was watching a customer service rep as she performed her duties during a PCI DSS interview, and noticed that when she went to add a new payment method, a whole list of saved card numbers (redacted) showed up in the PAN

PCI DSS

Due Diligence for PCI DSS Vendor Selection

PCI DSS Requirement 12.8 dictates that any organization involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers—must have policies and procedures in place to manage its service providers.

PCI DSS, Security Program

I never touch Cardholder Data - Does PCI DSS Apply to me?

Payment cards have been around a long time, and nefarious schemes to take advantage of them have been around almost as long. Since most people do not read the legal agreements they sign up to, they are unaware of their real responsibilities towards

PCI DSS

When does PCI Compliance Start?

The GDPR mantra of security and privacy "by design and by default" reminds us that in every aspect of a new product program, security and privacy are expected to be baked in from the very beginning. This means product requirement documentation,

PCI DSS

5 Tips for Becoming PCI DSS Compliant

The Payment Card Industry Data Security Standard (PCI DSS) is required by contract for those handling cardholder data, whether you are a startup or a global enterprise.

PCI DSS

Changes to SAQs for PCI DSS v3.2.1

Last month I wrote about the new PCI DSS standard version 3.2.1 and how nothing of significance had changed. Though that remains true, the supporting documents have now been released, and they include a change that may impact your compliance and

PCI DSS

What's new in PCI DSS 3.2.1

In May 2018, the PCI Security Standards Council, the authors of the PCI DSS, issued a new version of the standard: version 3.2.1. Let's review the changes from 3.2 to 3.2.1.

PCI DSS, SOC2, CISO, vCISO, HIPAA, CIS Controls, Security Program

7 Advantages of using a "virtual CISO" (vCISO)

A growing trend in the world of cyber security is companies outsourcing some or all of their information security teams. This can be just a small part, like vulnerability management, vendor risk management, or responding to customer

PCI DSS, Security Program

Secure Coding 201: Does it Exist?

I constantly hear that recent computer science graduates have not even been introduced to the notion of secure coding. They may have been taught to program in half a dozen different languages and styles, but their assignments have never been run
