PCI DSS Requirement 6.2 Risk Ranking Vulnerabilities – Is your organization ready?

The Payment Card Industry Data Security Standard (“PCI DSS”) version 2.0, dated October 2010, became effective on January 1, 2011. It contained many subtle and not-so-subtle changes from the previous version of the standard. Most of those changes took effect on January 1, 2011, but requirement 6.2 (assigning a risk ranking to newly discovered vulnerabilities) was treated only as a “best practice” at that time. As of June 30, 2012, requirement 6.2 becomes a mandatory requirement. With June 30 just a few days away, if your Report on Compliance is not already in the final stages of issuance, you need to be prepared to comply with requirement 6.2.


A-LIGN Security and Compliance Services To Present Webinar, “Reducing Audit Impact by A-LIGNing PCI DSS, SOC 1 & 2 Requirements”

Gene Geiger, Director at A-LIGN Security and Compliance Services, will present a webinar sharing practical recommendations for improving overall audit efficiency, which in turn reduces audit impact, audit costs and audit fatigue. The presentation will take place on April 18, 2012, from 1-2 pm EST. All individuals/organizations are…


Evaluating Managed Service Providers’ PCI DSS Compliance

You need a managed service provider to outsource information technology services for your organization, but since you are in the payment card industry, that provider will need to be PCI DSS compliant. So you Google the service you need, compile a list of possible vendors, review their websites and spot that all-important PCI DSS logo, so you are good to go, right? Maybe. The PCI Data Security Standard (“DSS”) is a set of information security standards published by the PCI Security Standards Council (“SSC”) for companies that store, process or transmit cardholder data. The PCI DSS consists of twelve requirements that a company must implement in order to be PCI DSS compliant. When evaluating PCI DSS compliant service providers, it is critical to understand which of their service offerings have been validated as PCI DSS compliant and which requirements were included in the scope of the assessment; a validated offering does not imply that every service the vendor sells was assessed. If I had a nickel for every time a client said “they are PCI DSS, so we are OK,” I could buy a gallon of gas.
