thePCI Portal

Category: QSA

Does requirement 6.4.3 mean that a merchant who uses an iframe so that their payment service provider collects the payment information has to implement a method to ensure the integrity of scripts on their web page?

Did you come here looking for an answer to this question? If so, YOU ARE IN LUCK. We have lots of answers to this question. I am sure you can find one that fits your requirements. NOTE: all of the answers below are real. QSACs really said these things (not just a QSA, but…

What is your favourite PCI DSS requirement?

For me, 6.1 and its brethren 6.2. Knowing about vulnerabilities and doing something about them! As a QSA, I always knew of a big critical vulnerability in each platform I assessed. A biggie. The worse the better. I pored over samples seeking unpatched devices. Every demo session I would be jotting version numbers down continually…

Fishbowl – Connect and Share

Have you heard of Fishbowl? I was recently introduced to it. It bills itself as a way to “Connect and share with people in your industry”. The groups of interest are referred to as “bowls” and there is one for PCI DSS practitioners. Supposedly there is a mechanism for anonymously sharing working conditions (and compensation…

Is an Audit Certification in your future?

There are many folks in the PCI industry who will soon require a second security certification. For a lot of them, it will mean the pursuit of an auditor certification from this list: ISACA Certified Information Systems Auditor (CISA), GIAC Systems and Network Auditor (GSNA), Certified ISO 27001 Lead Auditor / Internal Auditor, IRCA ISMS…

Supplementary validation for “designated” entities

Have you ever heard of the supplementary validation for designated entities (a.k.a. DESV)? If not, you should be happy. According to the Council’s FAQ for designated entities, “A Designated Entity is determined by an Acquirer or Payment Brand as an organization that requires additional validation to existing PCI DSS requirements.” Organizations that view PCI…

What is an “Associate QSA”?

Today’s press release from the Council announced efforts towards easing the resource constraints felt by QSA Companies. The PCI SSC is developing the Associate QSA certification with the goal of attracting new cyber talent to the program and relieving that resource pressure. This project is a first step in a phased…