
tags

PCI PCIDSS4.0 PCIDSS PCI DSS v4.0

Understanding the Changes to Appendix A1: Multi-Tenant Service Providers
By Adam Gaydosh on April 21, 2022

Are you a SaaS? Do you offer various shared services to merchants and other service providers with access to resources or services being logically controlled or partitioned to keep...

tags

PCI PCIDSS4.0 PCIDSS PCI DSS v4.0

Incident Response - Unexpected PAN Identified
By Mark Hannah on April 21, 2022

Mistakes with PAN happen! Data leaks, memory dumps, or debug logs can accidentally contain sensitive information and can leak data into unexpected places in your environment. It is now a...

tags

PCI PCIDSS4.0 PCIDSS PCI DSS v4.0

Web Application Firewall - Automated Technical Solution
By Maryann Douglass on April 21, 2022

There are now two options for meeting the new requirement 6.4.2 for a web application firewall: WAF or RASP. Notice I didn’t say manual code review!

tags

PCIDSS4.0

Roles and Responsibilities | Who's Driving What?
By Mark Hannah & Sherri Collis on April 18, 2022

If you don’t have documented and employee-acknowledged roles and responsibilities for every role that is part of your PCI scope of assessment, you may need a long roadway to get this in...

tags

PCIDSS4.0

PCI v4.0 - Requirement 7: All Things Accounts and Access Reviews
By Sherri Collis & Grant Sabesky on April 18, 2022

Remember the good ole days when Requirement 7 was all about general and privileged user accounts? Well, those days are done as of March 31, 2025!

tags

PCIDSS4.0

The Customized Approach | Part 1
By Greg High on April 18, 2022

Have you ever been off-roading? Full-on four-wheel-drive, low gear, creeping over rocks, or blasting through snowbanks? It’s quite an exhilarating experience. I liken the updates made to...

tags

PCIDSS4.0

The Customized Approach | Part 2
By Greg High on April 18, 2022

The recent release of PCI DSS v4.0 may give the mistaken impression that there is a lot of time for organizations to prepare for any required changes to people, processes, and technologies....

tags

PCIDSS4.0

The Customized Approach | Part 3
By Greg High on April 18, 2022

I’ve recently spent some time reviewing the PCI DSS v4.0’s updates on the Customized Approach and want to go on record as stating that I believe this is one of the most significant changes...

tags

Malware PCI compliance PCIDSS4.0

4 Things You Must Know About PCI's New Anti-Malware Requirements
By Gord Hooker on April 18, 2022

The number of assessment testing procedures for anti-malware doubled – it went from 18 to 36, including a major new requirement!

tags

Risk Assessments PCI Risk Risk Management RSP PCIDSS4.0 PCIDSS PCI Assessment

Targeted Risk Assessments | Know Thy Risks
By Eugene Tyrell on April 18, 2022

PCI DSS v4.0 introduces new expectations about what is required when it comes to assessing risk. In contrast to the previous version of the Standard, risk awareness is a core concept that...
