thePCI Portal

Category: PCI SSC

COVID and Compliance (March 22, 2020)

Compliance assessment activities and regular compliance activities (i.e. penetration tests, employee training, etc) may be disrupted during COVID. Retail locations may be closed, staff may be unavailable. Obviously human safety trumps any PCI DSS compliance concerns.  Merchants and QSAs do have questions about compliance in COVID times. We are still awaiting to hear  from the acquirers…

The upcoming revision to the data security standard, version 4

The Council has a blog post about the upcoming revision to the data security standard, version 4. While talking about version 4, the council has specifically identified the following industry feedback related to the DSS: Authentication, specifically consideration for the NIST MFA/password guidance Broader applicability for encrypting cardholder data on trusted networks Monitoring requirements to…

MultiFactor and Multistep authentication

Some of the simple common questions regarding what is allowed for multifactor authentication are answered in FAQs from the Council. Some of the more complex ones aren’t and need technical expertise to answer, sorry. FAQ 1425:  Is “two-step” authentication the same as “two-factor” or “multi-factor” authentication? Answer summary:  NO FAQ 1449: Is two-step authentication acceptable…

What is an “Associate QSA”?

Today’s press release from the council announced efforts towards easing the resource constraints felt by QSA Companies. The PCI SSC is developing the Associate QSA certification with the goal of attracting new cyber talent to the program and easing the resource constraints felt by QSA Companies. This project is a first step in a phased…