Security PCI RSP PCIDSS4.0 PCIDSS PCI DSS v4.0

Three steps to avoiding the new "In Place with Remediation" status and using the seven P's to help -- prior proper planning prevents p*#s poor performance!

PCI PCIDSS4.0 PCI Assessment PCI DSS v4.0

One of the most significant changes introduced in PCI DSS v4.0 involves the documented approach for performing internal vulnerability scans. The internal vulnerability scanning requirement...

PCI PCIDSS4.0 PCIDSS PCI DSS v4.0

There are two notable changes that may require a fair bit of runway to fully meet the existing requirement to monitor your critical security control systems.

PCIDSS4.0

What could possibly go wrong with calling out a non-compliant status, or “In Place with Remediation,” on your Attestation of Compliance? Do you have a storm brewing you are yet aware of?

PCI PCIDSS4.0 PCIDSS PCI DSS v4.0

Are you a SaaS? Do you offer various shared services to merchants and other service providers with access to resources or services being logically controlled or partitioned to keep...

PCI PCIDSS4.0 PCIDSS PCI DSS v4.0

Mistakes with PAN happen! Data leaks, memory dumps, or debug logs can accidentally contain sensitive information and can leak data into unexpected places in your environment. It is now a...

PCI PCIDSS4.0 PCIDSS PCI DSS v4.0

There are now two options to meeting the new requirement 6.4.2 for a web application firewall:  WAF or RASP. Notice I didn’t say manual code review!

PCIDSS4.0

If you don’t have documented and employee acknowledged roles and responsibilities for every role that is part of your PCI scope of assessment, you may need a long roadway to get this in...

PCIDSS4.0

Remember the good ole days when Requirement 7 was all about general and privileged user accounts? Well, those days are done as of March 31, 2025!

PCIDSS4.0

Have you ever been off-roading? Full-on four-wheel-drive, low gear, creeping over rocks, or blasting through snowbanks? It’s quite an exhilarating experience. I liken the updates made to...