Is there an update to PCI DSS guidelines? What do PCI DSS updates mean to my enterprise?
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Commerce in our modern world relies on electronic payments using credit or debit "payment cards," and the Payment Card Industry (PCI) has long-established a Data Security Standard (DSS). The PCI DSS provides guidance and support to enhance security for payment cards, which includes specifications, tools and metrics. The idea is to help organizations that accept payment cards to protect sensitive cardholder data.
The last update to PCI DSS took place in late 2012 with a move from version 1.2.1 to version 2.0. Although there are no major revisions on the horizon, it is certainly important for organizations to consider the implications for any changes to PCI DSS.
For example, a principal goal of PCI DSS is to build and maintain a secure network. This means an organization must take a proactive role in network security and respond to any threats that might potentially compromise cardholder data. For example, no business should use equipment vendor defaults for passwords or security setups. Organizations must also take steps to protect cardholder data through physical security -- such as least-privilege storage access -- and encryption for data both at rest and in flight.
Organizations must manage vulnerabilities by maintaining anti-malware software and applying security patches to operating systems, applications, firmware and other potential points of vulnerability. Networks should also be monitored for access, especially to cardholder data, and tested regularly for potential security gaps.
Cloud computing can bring significant cost and management benefits to organizations, but those benefits are not automatic. Organizations must understand the role that cloud services play, the limitations of cloud services on important tasks such as data storage, the mixed benefits of formal cloud education and the impact of changing security standards on cloud users.
About the Author
Stephen J. Bigelow, senior technology editor in the data center and virtualization media group at TechTarget Inc., has more than 20 years of technical writing experience in the PC and technology industry. He holds a bachelor of science in electrical engineering, along with CompTIA A+, Network+, Security+ and Server+ certifications, and has written hundreds of articles and more than 15 feature books on computer troubleshooting, including Bigelow's PC Hardware Desk Reference and PC Hardware Annoyances.
Dig Deeper on Data security in the cloud
Related Q&A from Stephen J. Bigelow
Our enterprise wants to limit the time it spends generating Identity and Access Management policies. What tools are available to automate this task?continue reading
Multifactor authentication helps organizations verify account and user identities in the public cloud. But what do I do when my MFA devices fall out ...continue reading
We have restrictions imposed on in-house IT staff with AWS Identity and Access Management. How do IAM roles protect access to services, applications ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.