So here it is, PCI SSC has officially released the final version of PCI DSS v3.2 standard document. PCI DSS v3.1 will retire after six months from now and organizations are required to use PCI DSS v3.2 for assessments during this period. The newly added requirements will be considered best practices till 31st January 2018. […]
Compliance to the PCI DSS standard is mandatory for all entities which store, process or transmit card-holder data associated with Visa, Mastercard, American Express, Discover and JCB. As part of this compliance the council requires organizations to undergo periodic assessments and evaluations. Vulnerability Assessments and Penetration Testing (VAPT) is a vital part of this requirement. Network […]
Network segmentation plays a vital role while complying with the Payment Card Industry Data Security Standard. Effective segmentation helps in reducing the scope of assessment, cost and risk to data security. The PCI DSS standard recommends that networks which process, store or transmit card holder data should be segregated and segmented from network environments that […]
The Payment Card Industry Security Standards Council recently released their updated Information Supplement: Penetration Testing Guidance. The guidance document was last published in 2008 under the heading ‘Requirement 11.3 Penetration Testing’ The updated document marks a major difference in the approach taken by the PCI Council to clarify and educate stakeholders about the standard’s requirements […]
A recent dive into challenges faced from privacy compliance requirements unearthed an interesting patent. The unearthing of this new patent on the block came from the need of anonymizing data for several reasons including compliance (PCI DSS, German Data Privacy Law [BDSG], UK Data Privacy Act).
