PCI DSS Version 3.2 Released – Summary of Changes

So here it is: PCI SSC has officially released the final version of the PCI DSS v3.2 standard document. PCI DSS v3.1 will retire six months from now, and organizations are required to use PCI DSS v3.2 for assessments during this period. The newly added requirements will be considered best practices until 31st January 2018. […]

PCI DSS Compliance Calendar – Activities and Checklist

Compliance with the PCI DSS standard is mandatory for all entities that store, process or transmit cardholder data associated with Visa, Mastercard, American Express, Discover and JCB. As part of this compliance, the council requires organizations to undergo periodic assessments and evaluations. Vulnerability Assessment and Penetration Testing (VAPT) is a vital part of this requirement. Network […]

PCI DSS Segmentation Assessment

Network segmentation plays a vital role in complying with the Payment Card Industry Data Security Standard. Effective segmentation helps reduce the scope of assessment, cost and risk to data security. The PCI DSS standard recommends that networks which process, store or transmit cardholder data be segregated and segmented from network environments that […]

PCI DSS Penetration Testing Guidance

The Payment Card Industry Security Standards Council recently released its updated Information Supplement: Penetration Testing Guidance. The guidance document was last published in 2008 under the heading ‘Requirement 11.3 Penetration Testing’. The updated document marks a major difference in the approach taken by the PCI Council to clarify and educate stakeholders about the standard’s requirements […]