Recent Updates RSS

FTP is considered an insecure protocol as it does not provide protection for its communication channel or logon details. PCI DSS Requirement 1 states that network security controls (NSCs), such …

The intent of the PCI DSS logging requirements is to provide a complete record of who did what, where, when, and how, so it can be used for investigation in …

Although log correlation is a valuable tool in a company's information security strategy, it does not replace intrusion detection mechanisms, such as IDS/IPS. Intrusion detection mechanisms provide proactive detection of …

Whether an MPLS network can be considered a private network is dependent upon the specific provider and configuration of that network. The implementation would need to be evaluated to determine …

If the cardholder data is stored in non-persistent memory (e.g. RAM), encryption of cardholder data is not required. However, proper controls must be in place to ensure that memory maintains …

PCI DSS applies to any primary account number (PAN), including active, expired, or cancelled PAN, except where the organization can provide documentation which confirms that the PAN is inactive or …

The Council encourages organizations to seek professional guidance in achieving compliance and completing the Self-Assessment Questionnaire. Entities can use any security professional they choose; however, PCI SSC recommends engaging a …

A system-level object is anything on a computer system required for its operation, including but not limited to application executables and configuration files, system configuration files, static and shared libraries …

Each of PCI SSC's Participating Payment Brand members (American Express, Discover, JCB International, Mastercard, UnionPay, and Visa) currently have their own PCI compliance programs for the protection of their affiliated …