What is a Critical Security Control Failure?

Payment Card Assessments

Critical security control failure. It's a whole lot of words. What does this mean? How does this apply to your organization? Well, we here at Schellman are well aware of these requirements. Stay tuned.

Hello, I am Sully Perella, manager at Schellman, and for service providers, there is a requirement regarding critical security control failures. The idea behind this is that there are a number of controls within your environment, such as those that:

  • Identify if malware has been installed
  • Verify that firewalls are correctly functioning
  • Perform the logging within your systems

All of these controls and many more throughout the standard identify when systems are behaving erratically, either because of general failures or because of an intrusion. The requirement around critical security control failures is meant to identify when each of these items ceases to work (the critical security control failure). Based on that, how does the organization know that the control stopped working? How does your organization respond to it? And what triage goes on afterward?

By having a set process to respond to critical security control failures, your organization can have much more assurance that it will know when the security controls in place cease to function, how your organization is going to respond, and how to prevent it from recurring in the future.

The value of a refined critical security control failure process cannot be overstated. A lot of organizations tie this to incident response, but there are some distinct differences. Do you have questions about how this applies to your organization or which controls would apply? Reach out to us, we'd love to talk.

About Sully Perella

Sully Perella is a Senior Manager at Schellman who leads the PIN and P2PE service lines. His focus also includes the Software Security Framework and 3-Domain Secure services. Having previously served as a networking, switching, computer systems, and cryptological operations technician in the Air Force, Sully now maintains multiple certifications within the payments space. Active within the payments community, he helps draft new payments standards and speaks globally on payment security.