PCI DSS 4.0 Timeline: The Eleventh Requirement and System Testing

PCI DSS 4.0 featured

System security is one task of many in organizations focused on compliance, one that requires continuous monitoring and diligence to ensure its success. One of the more critical aspects of compliance requirements like PCI DSS 4.0 is ongoing testing of system and network components. 

What does that process look like for companies in the payment industry? It involves a combination of active and passive testing methods to document and follow up on unauthorized changes. 

 

Read More

Timeline for PCI DSS 4.0: The Tenth Requirement and System Monitoring

PCI DSS 4.0 featured

As we move through the requirements for PCI DSS 4.0, we’re coming up to the double digits, which means some more advanced expectations. Namely, the tenth requirement focuses on system logging and monitoring for systems containing cardholder data. 

The maintenance of audit logs is about more than automatically recording data about system events. Your system must secure, protect, and ensure the integrity of that information to serve a role in incident prevention and investigation.

 

Read More

Timeline for PCI DSS 4.0: The Ninth Requirement and Physical Access Security

pci dss 4.0 featured

When thinking about cybersecurity, many stakeholders outside the industry will rarely consider the physical systems supporting digital information. And yet, almost any security framework worth its salt will have some provision for securing physical systems and environments. PCI DSS 4.0 is no different, and the ninth requirement is dedicated to just this topic.

This article will discuss this requirement and exactly what it means to approach the physical security of systems containing cardholder data in compliance with PCI DSS.

 

Read More