Archive for the 'ASV' Category

21 Jan 22

The Final Draft Of PCI DSS v4 Is Available

The wait is over for participating organizations, QSACs and ASVs. The PCI SSC announced this morning that the final draft of PCI DSS v4 is available to the primary contacts of those organizations via the PCI Portal. The Council reiterated that the public release of PCI DSS v4 will be by the end of March 2022.

I guess I know where my weekend will be spent provided my primary contact downloads it today for me.

UPDATE: We really need to see the Report On Compliance (ROC) Reporting Template. There is some interesting stuff in the draft, but without the Reporting Template it is very hard to judge the impact the new version will have on assessments.

31 Jul 21

PCI Dream Team LIVE! Is Coming In October

The PCI Dream Team will be appearing LIVE at the (ISC)2 Security Congress in Orlando this Fall, Monday, October 18 through Wednesday, October 20, 2021. Our session is scheduled for Tuesday, October 19, at 11:45 AM ET / 1545 UTC.

While we will be live at the conference, you can also attend the conference and our session virtually.  So other than training budget limitations, there is no other good reason you cannot join us.

As usual, we will be taking questions live and via email at pcidreamteam AT gmail DOT com.  We also monitor Twitter if you use #pcidreamteam.

We are expecting our usual lively discussion of all topics PCI and other security standards if time allows.

We really are looking forward to physically seeing people at the conference.

01 Jun 18

ASV Program Modernization Effort

Here is a good one and not the first time this has happened.

According to the PCI SSC’s news release, one or possibly more Approved Scanning Vendors (ASV) have apparently been actively promoting an ‘ASV Program Modernization Effort’.  I have no idea what they would be “modernizing”, but apparently some ASVs think there needs to be modernization of the ASV program.

The bottom line from the Council is that this discussion of a modernization effort is not endorsed by the Council nor is the Council involved in these discussions.  As they stated in bold in the release:

“However, PCI SSC is not a participant in, and in no way endorses, is affiliated with, sponsors, or has contributed to the above-noted “ASV Program Modernization Effort.”

I am betting the ASVs involved in this effort are wishing they were not involved.  It clearly states in the various Code Of Conduct and contracts that such efforts are not allowed and can result in remediation and even termination of an ASV from the PCI program.

The lesson to be learned here is that if you are an ASV, QSAC, PA-QSAC or in any way affiliated with the PCI Council through one of their programs and you are approached about the ‘ASV Program Modernization Effort’, be polite but ignore it.




Welcome to the PCI Guru blog. The PCI Guru reserves the right to censor comments as they see fit. Sales people beware! This is not a place to push your goods and services.
