Is there an update to PCI DSS guidelines? What do PCI DSS updates mean to my enterprise?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Commerce in our modern world relies on electronic payments using credit or debit "payment cards," and the Payment Card Industry (PCI) has long-established a Data Security Standard (DSS). The PCI DSS provides guidance and support to enhance security for payment cards, which includes specifications, tools and metrics. The idea is to help organizations that accept payment cards to protect sensitive cardholder data.
The last update to PCI DSS took place in late 2012 with a move from version 1.2.1 to version 2.0. Although there are no major revisions on the horizon, it is certainly important for organizations to consider the implications for any changes to PCI DSS.
For example, a principal goal of PCI DSS is to build and maintain a secure network. This means an organization must take a proactive role in network security and respond to any threats that might potentially compromise cardholder data. For example, no business should use equipment vendor defaults for passwords or security setups. Organizations must also take steps to protect cardholder data through physical security -- such as least-privilege storage access -- and encryption for data both at rest and in flight.
Organizations must manage vulnerabilities by maintaining anti-malware software and applying security patches to operating systems, applications, firmware and other potential points of vulnerability. Networks should also be monitored for access, especially to cardholder data, and tested regularly for potential security gaps.
Cloud computing can bring significant cost and management benefits to organizations, but those benefits are not automatic. Organizations must understand the role that cloud services play, the limitations of cloud services on important tasks such as data storage, the mixed benefits of formal cloud education and the impact of changing security standards on cloud users.
About the Author
Stephen J. Bigelow, senior technology editor in the data center and virtualization media group at TechTarget Inc., has more than 20 years of technical writing experience in the PC and technology industry. He holds a bachelor of science in electrical engineering, along with CompTIA A+, Network+, Security+ and Server+ certifications, and has written hundreds of articles and more than 15 feature books on computer troubleshooting, including Bigelow's PC Hardware Desk Reference and PC Hardware Annoyances.
Dig Deeper on Data security in the cloud
Related Q&A from Stephen J. Bigelow
AWS Directory Service provides three options for running Active Directory in the cloud: Microsoft AD, Simple AD and AD Connector. What are the ...continue reading
Our enterprise connects resources in AWS to a local directory. What support does AWS Directory Service offer for messaging, and how can notifications...continue reading
Establishing a hybrid cloud is challenging enough without having to worry about management hassles. How can we connect and apply our existing Active ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.