Is there an update to PCI DSS guidelines? What do PCI DSS updates mean to my enterprise?
Commerce in our modern world relies on electronic payments using credit or debit "payment cards," and the Payment Card Industry (PCI) has long established a Data Security Standard (DSS). The PCI DSS provides guidance and support to enhance security for payment cards, including specifications, tools and metrics. The idea is to help organizations that accept payment cards protect sensitive cardholder data.
The last update to PCI DSS took place in late 2012 with a move from version 1.2.1 to version 2.0. Although there are no major revisions on the horizon, it is certainly important for organizations to consider the implications of any changes to PCI DSS.
Consider, for example, that a principal goal of PCI DSS is to build and maintain a secure network. This means an organization must take a proactive role in network security and respond to any threats that might potentially compromise cardholder data. No business, for instance, should keep equipment vendor defaults for passwords or security configurations. Organizations must also take steps to protect cardholder data through physical security -- such as least-privilege storage access -- and encryption for data both at rest and in flight.
Organizations must manage vulnerabilities by maintaining anti-malware software and applying security patches to operating systems, applications, firmware and other potential points of vulnerability. Networks should also be monitored for access, especially to cardholder data, and tested regularly for potential security gaps.
Cloud computing can bring significant cost and management benefits to organizations, but those benefits are not automatic. Organizations must understand the role that cloud services play, the limitations of cloud services on important tasks such as data storage, the mixed benefits of formal cloud education and the impact of changing security standards on cloud users.
About the Author
Stephen J. Bigelow, senior technology editor in the data center and virtualization media group at TechTarget Inc., has more than 20 years of technical writing experience in the PC and technology industry. He holds a bachelor of science in electrical engineering, along with CompTIA A+, Network+, Security+ and Server+ certifications, and has written hundreds of articles and more than 15 feature books on computer troubleshooting, including Bigelow's PC Hardware Desk Reference and PC Hardware Annoyances.