Is the Council Trying to Kill the QSA Program? standard
If you can believe, it has been nearly seven years since the last update to the Qualification Requirements for Qualified Security Assessors (QSAs). This document is the guide that assessors use in their business dealings with the Council. It explains how a firm can become a QSA Company, who is qualified to be a QSA employee, and how the ecosystem works around that whole group. The changes are quite substantial, as evidenced by the change log. The last entry, for 1.2, simply stated alignment issues with PCI DSS v1.2. This version has nineteen entries, including alignment with PCI DSS v3.1. I’m not going to review all the changes here, but I do want to highlight a couple of big changes. ...
Continue Reading