PCI DSS 3.0 is here, and from what I can see it appears that companies are scrambling to get the pieces in place to appease their assessors. One of those biggies is new requirement 9.9, which switches from a best practice to a requirement in the middle of this year. If you are just now starting to take a look at how this will affect your compliance programs, I’m afraid to say that you are behind.
There are plenty of resources available for you to get into the technical, nitty-gritty components of this requirement. What I found was missing was a business discussion on the options your firm has to meet this requirement. I’m happy to announce a new whitepaper entitled Preventing Terminal Tampering, An Examination of the Business Impacts of Requirement 9.9 that aims to present those business issues with options to address them.
How do you plan on coping with requirement 9.9? Place some comments below!