The Schellman Blog

The Payment Card Industry Security Standards Council has released a major revision of the PCI Secure Software Standard (PCI SSS), moving from v1.2.1 to v2.0. This isn't an incremental update but rather a fundamental restructuring that reflects how software security has evolved in today's interconnected digital landscape.

Managing scripts on payment pages has become a key focus area under PCI DSS, particularly as third-party and dynamically loaded scripts introduce new risk. As attacks targeting client-side scripts continue to increase and PCI DSS v4.x places greater emphasis on ongoing monitoring, organizations are expected to demonstrate not only visibility into payment page scripts, but also effective controls to detect unauthorized changes.

As the EU AI Act moves from legislation to implementation, organizations across Europe and beyond are working to operationalize AI governance in practical, auditable ways. Compliance and governance leaders, AI product teams, and executives are asking the same question: How can we demonstrate EU AI Act compliance in a structured and defensible way?

The Cloud Security Alliance (CSA) created the Security, Trust, Assurance, and Risk (STAR) program in August of 2011 to improve transparency and security within cloud computing. This program was built upon the Cloud Controls Matrix (CCM), a selection of cloud controls designed to secure cloud service providers and customers, and is mapped to major standards like ISO 27001.

Artificial intelligence is reshaping the cyber threat landscape as attackers have already begun weaponizing AI to dramatically accelerate phishing, reconnaissance, payload development, and attack execution.

The long-anticipated Cybersecurity Maturity Model Certification (CMMC) Final Rule, published on September 10, 2025, officially became effective November 10, 2025. This shift from voluntary guidance to mandatory, enforceable contract requirements under the Defense Federal Acquisition Regulation Supplement (DFARS) marks a turning point for every organization that supports the federal defense supply chain. This critical milestone also signifies that full implementation is just beginning.

TAMPA, Fla. and SAN FRANCISCO, February 3, 2026 – Schellman, a leading provider of attestation and compliance services, today becomes the first authorized auditor of AIUC-1, the comprehensive security, safety, and reliability standard for AI agents, marking a significant milestone in AI compliance. As enterprises accelerate AI adoption and systems become more agentic, they face mounting challenges: security leaders confront novel attack vectors, legal teams navigate uncertain liability, and procurement processes slow under bespoke risk assessments. AIUC-1 addresses these challenges with a comprehensive, actionable standard specifically designed for AI agents.

Cloud computing has become foundational for how businesses and governments deliver services, store sensitive data, and scale operations. As organizations increasingly rely on third-party cloud providers, it is critical to have verifiable assurance that these providers implement robust security controls aligned with the sensitivity of the data and workloads they host.