thePCI Portal

Category: PCI SSC

COVID and Compliance (April 27, 2020)

Compliance assessment activities and regular compliance activities (e.g. penetration tests, employee training, etc.) may be disrupted during COVID. Retail locations may be closed and staff may be unavailable. Obviously human safety trumps any PCI DSS compliance concerns. Merchants and QSAs do have questions about compliance in COVID times. We are still waiting to hear from the acquirers…

The upcoming revision to the data security standard, version 4

The Council has a blog post about the upcoming revision to the data security standard, version 4. While talking about version 4, the Council has specifically identified the following industry feedback related to the DSS:

- Authentication, specifically consideration for the NIST MFA/password guidance
- Broader applicability for encrypting cardholder data on trusted networks
- Monitoring requirements to…

Multi-factor and multi-step authentication

Some of the simple common questions regarding what is allowed for multi-factor authentication are answered in FAQs from the Council. Some of the more complex ones aren’t and need technical expertise to answer, sorry.

FAQ 1425: Is “two-step” authentication the same as “two-factor” or “multi-factor” authentication? Answer summary: NO

FAQ 1449: Is two-step authentication acceptable…

What is an “Associate QSA”?

Today’s press release from the Council announced efforts towards easing the resource constraints felt by QSA Companies. The PCI SSC is developing the Associate QSA certification with the goal of attracting new cyber talent to the program and thereby easing those constraints. This project is a first step in a phased…