Archive for the 'ASV' Category

31
Jul
21

PCI Dream Team LIVE! Is Coming In October

The PCI Dream Team will be appearing LIVE at the (ISC)2 Security Congress in Orlando this Fall, Monday, October 18 through Wednesday, October 20, 2021.   Our session is scheduled for Tuesday, October 19, at 11:45 AM ET/ 1545 UTC.

While we will be live at the conference, you can also attend the conference and our session virtually.  So other than training budget limitations, there is no other good reason you cannot join us.

As usual, we will be taking questions live and via email at pcidreamteam AT gmail DOT com.  We also monitor Twitter if you use #pcidreamteam.

We are expecting our usual lively discussion of all topics PCI and other security standards if time allows.

We really are looking forward to physically seeing people at the conference.

01
Jun
18

ASV Program Modernization Effort

Here is a good one and not the first time this has happened.

According to the PCI SSC’s news release, one or possibly more Approved Scanning Vendors (ASV) have apparently been actively promoting an ‘ASV Program Modernization Effort’.  I have no idea what they would be “modernizing”, but apparently some ASVs think there needs to be modernization of the ASV program.

The bottom line from the Council is that this discussion of a modernization effort is not endorsed by the Council nor is the Council involved in these discussions.  As they stated in bold in the release:

“However, PCI SSC is not a participant in, and in no way endorses, is affiliated with, sponsors, or has contributed to the above-noted “ASV Program Modernization Effort.”

I am betting the ASVs involved in this effort are wishing they were not involved.  It clearly states in the various Code Of Conduct and contracts that such efforts are not allowed and can result in remediation and even termination of an ASV from the PCI program.

The lesson to be learned here is that if you are an ASV, QSAC, PA-QSAC or in any way affiliated with the PCI Council through one of their programs and you are approached about the ‘ASV Program Modernization Effort’ be polite but ignore it.




Announcements

If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.

Calendar

September 2021
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
27282930  

Enter your email address to subscribe to the PCI Guru blog and receive notifications of new posts by email.

Join 2,423 other followers