As we move through the requirements for PCI DSS 4.0, we’re coming up to the double digits, which means some more advanced expectations. Namely, the tenth requirement focuses on system logging and monitoring for systems containing cardholder data. 

The maintenance of audit logs is about more than automatically recording data about system events. Your system must secure, protect, and ensure the integrity of that information to serve a role in incident prevention and investigation.

Read More

When thinking about cybersecurity, many stakeholders outside the industry will rarely consider the physical systems supporting digital information. And yet, almost any security framework worth its salt will have some provision for securing physical systems and environments. PCI DSS 4.0 is no different, and the ninth requirement is dedicated to just this topic.

This article will discuss this requirement and exactly what it means to approach the physical security of systems containing cardholder data in compliance with PCI DSS.

Read More

As we work through the requirements of PCI DSS, we’ve run into several calls for securing data against “unauthorized users.” Operationally, this makes sense–cardholder data should be protected against use or viewing by people that don’t have a reason to do so. However, any effective IT security system must have a method to ensure that only authorized individuals access resources. This is what the seventh requirement of PCI DSS 4.0 addresses–restricting access to system components and cardholder data. 

Read More