Seven Deadly Sins of a QSA (Part 6)
Sin #2 – Compensating Control Chaos

Compensating controls are a challenging and somewhat confusing nuance of PCI DSS. In Chapter 12 of PCI Compliance: Understand and Implement Effective PCI Compliance, I delve into this perceived “Get out of jail free” card. Many companies have found this a useful guide for creating compensating controls during their PCI DSS journey. (This chapter is freely available at our book’s website, http://www.pcicompliancebook.info/.) Compensating controls are designed to allow companies to meet the controls laid out in PCI DSS in alternate ways. For example, a company that cannot put Secure Shell (SSH) on all of their routers and switches due to technical constraints may be able to do something different that would meet requirements for a ...