What Is A Vulnerability Deviation Request in StateRAMP Authorization?

Nov 10, 2022 Lazarus Alliance 0 Comment

When we talk about scans, tests, and authorization in the context of StateRAMP assessment, we tend to think that the process (and all its moving parts) are relatively stable and predictable. And, for the most part, this thinking is correct. However, it’s normal, and in some ways expected, to run into issues where scans and tests return problems that can halt a StateRAMP authorization process–even if there isn’t a clear and unmitigated system failure. These instances fall under the category of a vulnerability deviation, and cloud service providers have a path toward working around these issues and gaining their StateRAMP ATO.

Timeline for PCI DSS 4.0: The Twelfth Requirement, Policies, and Programs

Oct 26, 2022 Lazarus Alliance 0 Comment

So, after a long journey, we’ve arrived at the twelfth and final requirement for PCI DSS 4.0. Last but certainly not least, this requirement emphasizes the need for creating, documenting, and implementing organization-wide security and compliance policies.

PCI DSS 4.0 Timeline: The Eleventh Requirement and System Testing

Oct 19, 2022 Lazarus Alliance 0 Comment

System security is one task of many in organizations focused on compliance, one that requires continuous monitoring and diligence to ensure its success. One of the more critical aspects of compliance requirements like PCI DSS 4.0 is ongoing testing of system and network components.

What does that process look like for companies in the payment industry? It involves a combination of active and passive testing methods to document and follow up on unauthorized changes.