Is there an update to PCI DSS guidelines? What do PCI DSS updates mean to my enterprise?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Commerce in our modern world relies on electronic payments using credit or debit "payment cards," and the Payment Card Industry (PCI) has long-established a Data Security Standard (DSS). The PCI DSS provides guidance and support to enhance security for payment cards, which includes specifications, tools and metrics. The idea is to help organizations that accept payment cards to protect sensitive cardholder data.
The last update to PCI DSS took place in late 2012 with a move from version 1.2.1 to version 2.0. Although there are no major revisions on the horizon, it is certainly important for organizations to consider the implications for any changes to PCI DSS.
For example, a principal goal of PCI DSS is to build and maintain a secure network. This means an organization must take a proactive role in network security and respond to any threats that might potentially compromise cardholder data. For example, no business should use equipment vendor defaults for passwords or security setups. Organizations must also take steps to protect cardholder data through physical security -- such as least-privilege storage access -- and encryption for data both at rest and in flight.
Organizations must manage vulnerabilities by maintaining anti-malware software and applying security patches to operating systems, applications, firmware and other potential points of vulnerability. Networks should also be monitored for access, especially to cardholder data, and tested regularly for potential security gaps.
Cloud computing can bring significant cost and management benefits to organizations, but those benefits are not automatic. Organizations must understand the role that cloud services play, the limitations of cloud services on important tasks such as data storage, the mixed benefits of formal cloud education and the impact of changing security standards on cloud users.
About the Author
Stephen J. Bigelow, senior technology editor in the data center and virtualization media group at TechTarget Inc., has more than 20 years of technical writing experience in the PC and technology industry. He holds a bachelor of science in electrical engineering, along with CompTIA A+, Network+, Security+ and Server+ certifications, and has written hundreds of articles and more than 15 feature books on computer troubleshooting, including Bigelow's PC Hardware Desk Reference and PC Hardware Annoyances.
Dig Deeper on Data security in the cloud
Related Q&A from Stephen J. Bigelow
Our organization uses System Center and its components for management, but we want to reduce the number of tools we use. Can Microsoft Operations ...continue reading
The latest version of vSphere brings new capabilities to the vSphere Distributed Switch. So how do you go about upgrading an outdated version of vDS?continue reading
We'd like to move infrequently accessed data to cold storage to save money. How does Amazon Glacier work and what are some of the main features?continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.