PCI, CASB, CNAPP, and Other Letters
April 25, 2024 Authors: Carla Brinker and Kyle Koppe Cloud computing is incredibly popular, yet on an organizational level can still be mysterious.
March 7, 2024 You’ve put it off, ignored it, or just been busy. Whatever the case, PCI version 4.0 is a reality as of April 1, 2024.
September 27, 2023 Consistently maintaining compliance with any cyber security standard, especially a more prescriptive one like the PCI Data Security Standard (DSS), is challenging for any organizati…
July 18, 2023 While using wireless technologies in a PCI environment can be tricky, it is possible to configure it appropriately and obtain compliance (keeping in mind that misconfigured wireless netw…
June 26, 2023 Vulnerability scans are very configurable and range in efficacy based on the settings chosen.
June 12, 2023 The PCI DSS requires a review of all network security control (NSC) configurations at least once every six months (Req. 1.2.7). Sounds simple and easy enough, but it’s worth a review.
Does this sound familiar? You’ve gotten your Report on Compliance (RoC), but you’re dreading the next assessment because you know things have slipped. Why? Because PCI is a lifestyle.
January 5, 2023 The PCI DSS requires service providers to confirm that their security personnel are “performing their tasks in accordance with all security policies and operational procedures” at …
December 8, 2022 The PCI DSS requires that all assessed entities develop and maintain a penetration testing methodology.
October 6, 2022 Penetration testing (pen testing) remains largely the same in PCI version 4.0 as it was intended in PCI version 3.2.1, but the explanation of the intent is clarified.
September 22, 2022 The game, Mrs. Hudson, is ON! Version 4.
Published 7/27/22, 9:00am You’ve heard about the new Customized Approach in PCI DSS 4.0 that allows assessed entities to meet PCI requirements in an alternative manner.