With the new PCI DSS 4.0 updates now public, payment processors and security experts are examining some of the latest changes. One of the changes we’ve noticed (and one that will most likely make a massive difference for assessments) is the inclusion of customized approaches to PCI DSS assessment. This evolution of compensating controls in requirement assessment is set to alter how some companies think about their compliance obligations fundamentally.
On March 31, 2022, the Payment Card Industry (PCI) Security Standards Council released version 4.0 of the Data Security Standard (DSS), updating what has been a long-running standard that needed some refreshing based on the newest technologies on the market. The increased focus on eCommerce and reliance on mobile devices has introduced several major security threats to consumers and merchants, and version 4.0 serves as the PCI DSS way of addressing them.
Merchants and credit card processors don’t, as of yet, need to update their infrastructure to 4.0 standards, but with the release of the initial documentation, the clock for meeting new compliance standards is ticking.
Companies attempting to navigate the complex world of private and public cybersecurity might get confused about what they should focus on. The truth is that you can’t adopt them all… but you can focus on the regulations that directly impact how you do business.
Here, we’ll discuss two of the most prevalent security frameworks–FedRAMP and ISO 27001.