We’re back again to discuss another SAQ in our series covering the different SAQs that an organization can complete to meet PCI DSS requirements. This decision is an important one, as your applicable SAQ will increase or decrease the number of requirements that you need to address (which equates to cost) as well as the […]
We come back to our series covering the different SAQs that an organization can complete to meet PCI DSS requirements. This decision is an important one, as your applicable SAQ will increase or decrease the number of requirements that you need to address (which equates to cost) as well as the scope of systems that […]
As we continue discussing the different SAQs that organizations complete, we’re going to cover another very specific merchant SAQ today. Merchants that use (point-of-interaction) POI terminals connected directly to the Internet and their payment processor can complete an SAQ B-IP, as of PCI DSS version 3.0 (February 2014). We’ll cover which merchants can use this […]
As we continue to discuss the different types of Self-Assessment Questionnaires (SAQs) within PCI, we’re continuing with some of the smaller SAQs from a requirements and scope perspective. SAQ A-EP is interesting and a little different from the SAQs we’ve discussed previously because it is a subset or special case of SAQ A. It’s also […]
One of the most common compliance standards we deal with as an organization is the Payment Card Industry Data Security Standard (PCI DSS). Reading through this standard can be complex however, and trying to figure out how it applies to your organization can be a daunting task. For most organizations that have to complete a […]
One of the most common compliance standards we deal with as an organization is the Payment Card Industry Data Security Standard (PCI DSS). Reading through this standard can be complex however, and trying to figure out how it applies to your organization can be a daunting task. For most organizations that have to complete a […]
The PCI Council released a minor update to the Payment Card Industry Data Security Standard (PCI DSS) in May of this year. Their isn’t really anything earth shattering included in these PCI DSS changes, but it’s always worth knowing exactly what changes are made, especially if being PCI compliant affects your business. The changes from […]
Segmentation is not a requirement to meet PCI compliance. However, it is strongly recommended by the PCI Council as it can greatly reduce the cost, scope, and difficulty of meeting compliance. In this blog, we will explore these reasons a bit further and explain the importance of PCI segmentation. What is Segmentation? Segmentation, from a […]
Having performed numerous Reports on Compliance (ROC) for corporations and assisted a myriad of clients with their Self Assessment Questionnaire (SAQ), one thing is apparent to us: companies large and small are having difficulty determining PCI scope for their environment. This can have a profound impact on your compliance. Having the wrong scope can invalidate […]
Among the security testing that PCI DSS v3.2 requires is external penetration testing. External penetration testing is becoming a regular part of security practitioner’s vocabularies, with seemingly every security standard requiring it and any mature security program identifying its importance. The requirements surrounding a PCI external penetration test have some specific nuances that are worth […]
