As we move through the requirements of PCI DSS 4.0, we’ve reached the point where the standard specifies what it means to protect data as it moves through and outside of private and public networks. 

Encryption seems like a no-brainer, but in many cases, organizations have no idea how to manage their encryption approach properly. Key management, minimum strength, and application points can be challenging to juggle without understanding how it fits into the bigger picture. 

Here, we’ll discuss the fourth requirement of PCI DSS 4.0 and what it says about in-transit encryption.

Read More

Previously, we discussed preparing for the new PCI DSS 4.0 standard and how to wrap your head around the first requirement–network and system security. The following requirement moves on to another critically important aspect of compliance and security–configuration management. 

Here, we’ll break down the concept of configuration management in PCI DSS and how this is spelled out in the Second Requirement.

Read More

PCI DSS compliance is verifying that your systems, those that handle personal and cardholder information, meet all the expectations of the 12 requirements of the standard. These requirements describe security and privacy controls to protect against modern threats and vulnerabilities and call for both attention to implementing controls and maintaining long-term best practices. 

The best way to understand expectations under PCI DSS is to walk through the requirements and what they say about security. Here, we’ll touch on the first requirement: Install and maintain security controls.

Read More