The Attestation of Compliance is the document used to indicate that the appropriate Report on Compliance or Self-Assessment Questionnaire has been performed, and to attest to your organization's compliance status …
There is no direct correlation between PCI DSS and ISO 27002. The ISO standards provide a framework for implementing an information security program, while PCI DSS provides a baseline of …
Systems that use operating systems that are no longer supported with new security patches by the vendor, OEM, or developer are not necessarily out of compliance. Compensating controls could address …
The objective of PCI DSS requirement 9.7.1, "Classify media so the sensitivity of the data can be determined," is to ensure that media is controlled and protected against inadvertent or …
Events such as these should be accounted for in any service contract you sign with a software vendor. The Council requires that approved PA-QSAs carry appropriate liability insurance.
Entities wishing to have early access and input into the PCI security standards are required to join the Council as a participating organization. Non-Participating Organizations will not have access to …
PCI DSS requirement 4.2 prohibits the sending of unprotected primary account numbers (PANs) via end-user messaging technologies, including e-mail, instant messaging and chat, whether sent internally or over public networks. …
PCI DSS requirement 8.5 (and the associated sub-requirements) applies to administrators. As such, administrators are not allowed to share passwords. The intent of requirements for unique user IDs and complex …
For the purposes of the PCI DSS, a merchant is defined as any entity that accepts payment cards bearing the logos of any of the five members of PCI SSC …