Tag Archives: PCI 2.0

Updated Prioritized Approach

The PCI Security Standards Council released an updated Prioritized Approach document for PCI DSS 2.0 on Tuesday with associated tools and change documentation. I posted about the version of this document made to address PCI DSS 1.2 in 2009, and many of my comments still carry forward with this version. But let me take a moment to refresh the content as more than two years have passed since the original post. First off, it’s 2011. PCI has been enforced in the US with fines since 2007, and now globally in the last year. This isn’t our first rodeo, as it were. So what kinds of companies would be interested in using this document? Companies doing M&A activity might be very ...


PCI 2.0 is now Effective!

The PCI Security Standards Council announced today that PCI DSS 2.0 is now effective. What does this mean for you as a company that must comply with PCI DSS? First, don’t panic. PCI DSS v1.2.1 is still valid until the end of 2011. If you are working on project plans to finalize compliance against this version, continue to do so, and start working on your PCI 2.0 plans. Your acquirer can provide specific guidance on exactly when you need to send them a validated 2.0 Report on Compliance. Next, you should have a gap analysis done against the new standard—sooner rather than later (I happen to know a team of folks that would be GREAT at this….). While there are ...


Scoping Fun with PCI DSS 2.0

OK, so as you can see from the comments, my post yesterday generated a bit of controversy. I must apologize for the 1.3.3 miss as I did my initial research after a long night of, um, networking at the PCI Community Meeting in Orlando. That post was put together with haste over the last three days, while trying to review and decipher some passionately scrawled chicken scratch. I went back and responded to the comments (no editing, it’s all there), and wanted to talk about another significant change I didn’t discuss yesterday. Page 10 of PCI DSS 2.0 adds quite a bit of text into the Scoping guidance that QSAs and assessees use to determine the correct scope for their ...

