thePCI Portal

Author: Ed

Does using telnet for admin always require at least a compensating control?

The PCI Guru has an article about an issue with PCI DSS requirement 2.3.b: https://pciguru.wordpress.com/2017/06/09/we-need-a-change-to-2-3-b/

Reminder of what 2.3.b is about: "2.3.b Review services and parameter files on systems to determine that Telnet and other insecure remote-login commands are not available for non-console access." And the guidance for 2.3 is: "If non-console (including remote) administration…

What is an “Associate QSA”?

Today’s press release from the council announced efforts towards easing the resource constraints felt by QSA Companies. The PCI SSC is developing the Associate QSA certification with the goal of attracting new cyber talent to the program and relieving those constraints. This project is a first step in a phased…

Travel Agent PCI DSS Deadline June 1 2017 UPDATE! EXTENSION FROM IATA

The countdown is on for IATA Accredited Agents to be Payment Card Industry (PCI) Data Security Standard (DSS) compliant by June 1, 2017. IATA has issued the deadline to reduce the risks associated with payment card transactions and potential data breaches, and has made PCI DSS compliance a mandatory condition to obtain and retain accreditation as an…

Cloudy Breach

The Register has a story about a breach at cloudy service supplier Aptos. Aptos has several cloud services: POS in the cloud, ecommerce in the cloud (didn’t see that one coming!), etc. The timeline of what happened is: Feb 2016 – There was a breach and malware installed in the cloud. Nov 2016 – Aptos…