Timeline for PCI DSS 4.0: The Ninth Requirement and Physical Access Security

pci dss 4.0 featured

When thinking about cybersecurity, many stakeholders outside the industry will rarely consider the physical systems supporting digital information. And yet, almost any security framework worth its salt will have some provision for securing physical systems and environments. PCI DSS 4.0 is no different, and the ninth requirement is dedicated to just this topic.

This article will discuss this requirement and exactly what it means to approach the physical security of systems containing cardholder data in compliance with PCI DSS.


Read More

Timeline for PCI DSS 4.0: The Seventh Requirement and System Access

PCI DSS 4.0 featured

As we work through the requirements of PCI DSS, we’ve run into several calls for securing data against “unauthorized users.” Operationally, this makes sense–cardholder data should be protected against use or viewing by people that don’t have a reason to do so. However, any effective IT security system must have a method to ensure that only authorized individuals access resources. This is what the seventh requirement of PCI DSS 4.0 addresses–restricting access to system components and cardholder data. 


Read More

Timeline for PCI DSS 4.0: The Sixth Requirement and Maintaining Secure Systems

PCI DSS 4.0 sixth requirement featured

Software, whether a locale installation or a web application, carries the risk of attack. While phishing and other social engineering attacks are some of the most common forms of a system breach, hackers still go for open vulnerabilities in software, whether due to bugs or misconfigured settings. That’s why the sixth requirement of the PCI DSS 4.0 emphasizes the practices and policies that help maintain secure software. 


Read More