Let’s be real for a second – the report on compliance is mandatory for all level 1 merchants and for any merchant, regardless of level, that is required to provide a report on compliance by either their acquirer or card brand. Most level 1 merchants fall out of compliance shortly after the ink is dry on their most recent report. Why? Because they don’t have a sustainability program. The RoC is treated like a bad surprise every year, and that creates wasted effort, lost money, and burned-out staff.
The Seven Most Common PCI Compliance Challenges Merchants Face
For most merchants, PCI DSS Compliance is a confusing, complicated mix of requirement complexity, lack […]
Warning: Complacency With Your Vulnerability Management Program Can Hurt Your Organization
By definition, a computer […]
Top 8 Takeaways from the PCI Global Community Online Conference
It was a whirlwind of 3 days of video presentations and keynote speakers. Rolling […]
How Mature is Your PCI DSS Compliance Program?
With 72% of merchants falling out of compliance shortly after completing a Report on Compliance […]
How Safe Is Your Customer Cardholder Data At Rest and During Transmission?
Welcome back to our series, The Ultimate Guide On Managing PCI DSS Requirement Frequencies. […]
The Anatomy of PCI DSS Requirements
We’re interrupting the Ultimate Guide to PCI DSS Requirement Frequencies to bring you an important […]
How Safe Are Your PCI In-Scope Assets From Nefarious Threat Actors?
Welcome back to the Ultimate Guide To PCI DSS Requirement Frequencies! So far we’ve covered […]
Firewalls and Routers: How to Take Control of Unruly Firewall Rules, Configurations and Network Connections
Best Practice: Developers and system administrators request changes to firewall rule sets all the time. Whether it’s to do work on system components or to test system components, these changes can make a mess of your rule sets. It’s all too easy for someone to unintentionally request an “any” rule, which is prohibited in the cardholder data environment. Our best advice is to insert your ISA or someone on the compliance team into the firewall rule change review.
How to Manage Your PCI DSS Scope (Even If It’s Always Changing)
Does managing your PCI scope feel like herding cats or trying to nail Jell-O to a tree? If you don’t have a handle on your scope, achieving or maintaining PCI DSS Compliance is next to impossible.