How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

This is a great read for anyone dealing with the complexity associated with PCI compliance and how to navigate from “finding” to “control in place”.  Enjoy!

A Guide to PCI DSS Merchant Levels and Penetration Testing

This is a great, straightforward explanation of the Merchant Levels associated with PCI DSS. Thanks to the team at Tripwire for sharing. Everyone should have this information internalized or readily available for discussion when supporting customers or internal resources that process branded credit/debit cards.

The Payment Card Industry Data Security Standard: What’s new in v3.2?

I have tweeted a link to this article previously, but it is worthwhile and bears repeating. Jeff Man has done an excellent job recapping both the changes found in DSS 3.2 and their timing implications. This is required reading for everyone striving to maintain compliance as a merchant or service provider.

FTC Demands Info From PCI Auditors

The PCI DSS process is about to get more complicated and compliance is going to be harder to obtain – and frankly that’s a good thing. Moving compliance efforts closer to real security efforts benefits the protection of data. Making compliance something to obtain, and not simply purchase, will create ownership and buy-in in the compliance process. Buy-in often leads to understanding, which in turn can lead to valuing the effort and the target outcome.

I look forward to seeing a few more teeth added to the PCI DSS, even if it takes the creation of a little kicking and screaming by the FTC.