Channel: PA-DSS – PCI Guru
Browsing latest articles
Browse All 68 View Live

What Are You Really Interested In?

As a QSA, we hear this comment all of the time. “PCI is all about compliance, not security.” The implication being that the person talking is interested in actually securing their environment not just...

Pre-Authorization And Post-Authorization (Part 1)

Welcome to a new year.  I have had a number of interactions with a variety of people over the previous year and it has become obvious that the concepts of pre-authorization and post-authorization data...

2018 North American PCI Community Meeting Thoughts

It was an interesting time in Las Vegas this year.  Part of that is due to the fact that we are in Las Vegas.  But part of it was that the Community Meeting seemed to be devoid of the usual...

Open Source

One of the questions we received at the last PCI Dream Team session was: “What about open source for 6.5?” I am sure the person asking wanted to know whether open source payment solutions must comply...

Will The Council Kill Off TLS?

On February 6, 2019, a technical paper was published regarding a new attack on TLS 1.2 and 1.3 that had been identified.  Of course, the first thing that a lot of us wondered was, “Will the PCI SSC now kill...

More On The NIST Password Standard

Apparently, I touched a nerve with my post on the National Institute of Standards and Technology (NIST) password standards discussed in Special Publication (SP) 800-63B.  As a result, I thought I would...

Remote Assessment Guidance Issued

The PCI SSC has issued guidance in response to the Covid-19 pandemic and conducting on-site fieldwork for PCI assessments.  Their blog post can be found here. Given that governments around the world...

DevOps And PCI – Part 1

DevOps are all the rage in organizations that develop applications.  The move to become “Agile” through the implementation of methodologies such as Scrum to replace the traditional waterfall SDLC is...

DevOps And PCI – Part 2

In the first post on this topic we discussed the terminology of DevOps and how segregation of duties can get complicated with DevOps.  In this post we will continue to investigate DevOps and discuss...

PCI Dream Team LIVE! Is Coming In October

The PCI Dream Team will be appearing LIVE at the (ISC)2 Security Congress in Orlando this Fall, Monday, October 18 through Wednesday, October 20, 2021.   Our session is scheduled for Tuesday, October...
