There's no news coverage of the 10 or 50 or 500 person business that gets breached and loses cardholder data, because the vast majority of internal networks are NOT secure, as we've learned over and over again for the past X years of breaches - and those are just the biggies.

Obtaining PCI Compliance for the first time is a time consuming process. How difficult the process ultimately is for you depends entirely on your assigned QSA and your established internal procedures for handling and securing CHD. Strictly control access to both the CDE and CHD and provide evidence of procedures to support this. If these are already prepared in line with the recommendations and requirements set down in PCI DSS v3.2, then you're halfway there.

Be under no illusions though - the second year is not plain sailing. Your organisation then has to demonstrate that it has followed or improved all procedures as they were during the initial audit at all times in the previous 12 months, and that's often where failures occur!

To make your life easier if you do undergo a compliance audit by a QSA, your organisation needs to obtain Attestation of Compliance documentation for your payment applications and POS solution and ensure it matches that held by the PCI SSC (PCI Security Standards Council). If you don't already know, you can search for the versions of payment devices, software and suppliers on the PCI SSC site:

Approved PTS Devices
Payment Applications
Point To Point Encryption Solutions

If this is the first time you've looked into PCI Compliance in a big way, you could do worse than start here: Guidance for PCI DSS Scoping and Segmentation, in the PCI Document Library.