SearchSecurity.co.UK Research Library

Powered by Bitpipe.com

ABSTRACT:

By design, the Payment Card Industry Data Security Standard (PCI DSS) strives to provide merchants with a high level of technical detail so that organizations know when they're "hitting the bar." But not every requirement is clear as crystal.

This presentation addresses the questions that pose the greatest challenge to enterprises as they struggle to interpret the requirements; outlines recent and upcoming clarifications from the PCI Security Standards Council; and discusses strategies used in the field to reduce the complexity.

Key questions to be covered include:

  • Does "one function per server" mean that we can't use virtualization?
  • Must our penetration testing and/or quarterly scanning cover everything or just the cardholder environment?
  • If we miss one of our quarterly scans, does that mean we need to wait a full year to be compliant?
  • The requirements state individuals with a "legitimate business need" can view PANs. What does that mean?

(THIS RESOURCE IS NO LONGER AVAILABLE.)


SearchSecurity.co.UK Research Library Copyright © 1998-2012 Bitpipe, Inc. All Rights Reserved.
