07
Nov
13

Hot Off The Press

The PCI SSC released the final versions of the PCI DSS v3 and PA-DSS v3 this morning.  You can get your copies here as long as you sign their agreement.  The Change Summary documents for both are also finalized and available in the library.  Enjoy!

Advertisements

2 Responses to “Hot Off The Press”


  1. 1 Jim Robinson
    November 13, 2013 at 6:19 PM

    Very subtle change to the Scope of PCI DSS Requirements “Systems that provide security services (for example, authentication servers), facilitate segmentation (for example, internal firewalls), or may impact the security of (for example, name resolution or web redirection servers) the CDE.”

    What impact will including “web redirection servers” have on merchants using hosted payment gateways, previously a strategy for de-scoping?

    • November 18, 2013 at 6:39 AM

      It means that those merchants will have to monitor and secure the servers that do the re-direct. It’s not huge, but they are in scope.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Announcements

If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.

Calendar

November 2013
M T W T F S S
« Oct   Dec »
 123
45678910
11121314151617
18192021222324
252627282930  

Enter your email address to subscribe to the PCI Guru blog and receive notifications of new posts by email.

Join 1,774 other followers


%d bloggers like this: