By:
Sully Perella
October 2nd, 2024
Though so much attention has been placed on secure coding to mitigate cyber threats to software, another emerging area of focus is the “software supply chain,” or the “software bill of materials” (SBOM). Why? Because software security doesn’t just depend on secure coding—the individual components of the software, or the SBOM—are equally critical.
Payment Card Assessments | PCI DSS
By:
PHIL DORCZUK
September 9th, 2024
Historically, PCI DSS has treated most service accounts as shared administrator accounts that had to be authorized with specific privileges using strong authentication factors. But now, version 4.0 of the PCI DSS has greatly expanded the scope of authentication and authorization requirements—while you’ll still need to secure those administrator accounts, you’ll now also need to implement controls to protect any application and service accounts in your environment.
Payment Card Assessments | PCI DSS
By:
Jeff Lasker
July 30th, 2024
Since the sunsetting of PCI DSS v3.2.1 on March 31, 2024, PCI DSS v4.0 has become effective, as have some of its new requirements (though future-dated requirements will be effective March 31, 2025). While v4.0 has introduced some major changes in various areas, for service providers—including some that include additional nuance for colocation providers in particular—multiple new requirements are now effective as well as some that are future-dated.
Payment Card Assessments | SWIFT
By:
Jon Anderson
July 18th, 2024
For those financial institutions involved in international transactions, compliance with the security requirements set forth by the Society for Worldwide Interbank Financial Telecommunication (SWIFT)—otherwise known as its Customer Security Programme (CSP), which aims to better secure the global financial community against cyber threats. One part of the Programme includes the SWIFT Customer Security Controls Framework (CSCF), which was updated in 2024 and now mandates controls around the protection of outsourced critical activity.
Payment Card Assessments | PCI DSS
By:
MATT CRANE
June 11th, 2024
As of June 11th, PCI DSS v4.0.1 was officially released. This update comes with several clarifications and adjustments to the previous version, ensuring more precise guidelines and addressing various implementation issues.
Payment Card Assessments | PCI DSS
By:
Bill Soverns
May 21st, 2024
If you’re a newly hired CISO or Director for an organization that’s required to achieve and maintain PCI DSS, you may be wondering how and where you can get started so that you’re ready when it comes time for the assessment to begin.
Payment Card Assessments | PCI DSS
By:
David Baca
April 30th, 2024
In the intricate world of payment security, navigating the labyrinthine requirements of the Payment Card Industry Data Security Standard (PCI DSS) can feel like deciphering code. But for merchants using virtual payment terminals, the PCI DSS SAQ C-VT emerges as a beacon of hope that offers a simplified path towards compliance.
By:
Jesse Eldell
April 11th, 2024
m;These days, to survive amidst the fierce competition of online commerce, merchants must prove they can safeguard sensitive cardholder data, and that means attaining and maintaining PCI compliance. And while the Self-Assessment Questionnaire (SAQ) A is often considered one of the more appealing routes to achieving that compliance, PCI DSS v4.0 has added new requirements to the SAQ A regarding Approved Scanning Vendor (ASV) scans.