What to look for in a QSA

This was originally posted as an INSIGHT for Wolf & Company, P.C. here. If your organization is new to PCI compliance, you are probably wondering how you should choose which QSA to work with. This decision is not one to take lightly, as there are nearly four hundred QSA Companies (QSAC), with an estimated one thousand …

New PCI MFA Guidance

On February 9, 2017, the PCI SSC released a new Information Supplement, Multi-Factor Authentication, with the intent to aid organizations in meeting Requirement 8.3. One interesting quote in the document’s Overview: While PCI DSS Requirement 8.3 does not currently require organizations to validate their MFA implementation to all the principles described in this guidance document, these principles may …

PCI Scoping Guidance

Back on Friday, December 9, 2016, the Payment Card Industry Security Standards Council (PCI SSC) released a new Information Supplement, Guidance for PCI DSS Scoping and Network Segmentation. The purpose of this Supplement was to provide some clarification on how an organization can implement network segmentation controls to minimize the scope of systems covered by …

Updated PCI Card Production Standards

The PCI SSC has released version 2.0 of both the Card Production Logical Security Requirements and the Card Production Physical Security Requirements. Both documents are now available on the Document Library. Why should many of you be interested in taking a closer look at both documents? The documents start with a scoping definition: Logical: “All systems …