Previously, we discussed preparing for the new PCI DSS 4.0 standard and how to wrap your head around the first requirement–network and system security. The following requirement moves on to another critically important aspect of compliance and security–configuration management.
Here, we’ll break down the concept of configuration management in PCI DSS and how this is spelled out in the Second Requirement.
PCI DSS compliance is verifying that your systems, those that handle personal and cardholder information, meet all the expectations of the 12 requirements of the standard. These requirements describe security and privacy controls to protect against modern threats and vulnerabilities and call for both attention to implementing controls and maintaining long-term best practices.
The best way to understand expectations under PCI DSS is to walk through the requirements and what they say about security. Here, we’ll touch on the first requirement: Install and maintain security controls.
As we’ve been writing, PCI DSS 4.0 is upon us. We’ve discussed some of the broader changes around the newer versions, but we have yet to dig deeper into the timeline for version 4.0.
This article will discuss the preliminary steps you can take to prepare for the update. With a focus on understanding your IT infrastructure and the impact of the regulations on how you can use it, you can start to get your feet wet with the new standards and some of the curveballs they might throw at you.