By:
Salvatore Butera
December 10th, 2024
Across the current digital economy, more and more are going passwordless—with tech conglomerates like Apple, Microsoft, and Google leading the way, organizations are pivoting to other cybersecurity solutions to better secure information and simplify workflows. But replacing passwords with alternatives successfully also means accounting for extended related factors—including those that could impact your PCI DSS compliance.
By:
Sully Perella
November 7th, 2024
Scoping is a key first step in any compliance assessment, and those who have been through the process understand how vital—and how tricky—it can be. Scoping is particularly crucial in PCI DSS, as drawing your boundaries largely determines which requirements your organization must satisfy, and when you’re operating within a Zero Trust environment, things appear to get more complicated.
By:
Sully Perella
October 2nd, 2024
Though so much attention has been placed on secure coding to mitigate cyber threats to software, another emerging area of focus is the “software supply chain,” or the “software bill of materials” (SBOM). Why? Because software security doesn’t just depend on secure coding—the individual components of the software, or the SBOM—are equally critical.
Payment Card Assessments | PCI DSS
By:
PHIL DORCZUK
September 9th, 2024
Historically, PCI DSS has treated most service accounts as shared administrator accounts that had to be authorized with specific privileges using strong authentication factors. But now, version 4.0 of the PCI DSS has greatly expanded the scope of authentication and authorization requirements—while you’ll still need to secure those administrator accounts, you’ll now also need to implement controls to protect any application and service accounts in your environment.
Payment Card Assessments | PCI DSS
By:
Jeff Lasker
July 30th, 2024
Since the sunsetting of PCI DSS v3.2.1 on March 31, 2024, PCI DSS v4.0 has become effective, as have some of its new requirements (though future-dated requirements will be effective March 31, 2025). While v4.0 has introduced some major changes in various areas, for service providers—including some that include additional nuance for colocation providers in particular—multiple new requirements are now effective as well as some that are future-dated.
Payment Card Assessments | SWIFT
By:
Jon Anderson
July 18th, 2024
For those financial institutions involved in international transactions, compliance with the security requirements set forth by the Society for Worldwide Interbank Financial Telecommunication (SWIFT)—otherwise known as its Customer Security Programme (CSP), which aims to better secure the global financial community against cyber threats. One part of the Programme includes the SWIFT Customer Security Controls Framework (CSCF), which was updated in 2024 and now mandates controls around the protection of outsourced critical activity.
Payment Card Assessments | PCI DSS
By:
MATT CRANE
June 11th, 2024
As of June 11th, PCI DSS v4.0.1 was officially released. This update comes with several clarifications and adjustments to the previous version, ensuring more precise guidelines and addressing various implementation issues.
Payment Card Assessments | PCI DSS
By:
Bill Soverns
May 21st, 2024
If you’re a newly hired CISO or Director for an organization that’s required to achieve and maintain PCI DSS, you may be wondering how and where you can get started so that you’re ready when it comes time for the assessment to begin.