E-Commerce Times Talkback

Posted by: Kurt Hagerman 2014-03-17 06:52:26

New compliance guidelines went into effect earlier this year. While e-commerce organizations have until their 2015 audit to transition, the new controls are demanding enough operational and technical changes that smart businesses already have started preparing. If you're wondering where to get started, one of the first steps you should take is to thoroughly define and document your cardholder data environment, or CDE, and consider ways to limit its scope. By defining your CDE, you'll be better able to apply controls.

Posted by: DavidWWW 2018-04-29 00:54:48 In reply to: Kurt Hagerman

One of the most significant additions to the standard is the idea of making compliance a daily event, or business as usual (BAU), instead of an annual audit event. The new section provides “business as usual” guidance for implementing security into business-as-usual (BAU) activities to maintain ongoing PCI DSS compliance. Compliance in the past had a tendency to be reactive since it was normally done in order to meet the annual or point-in-time obligation or review. 3.0 makes specific recommendations for making PCI DSS (source/check those recommendations at http://ipsi.com.au/what-is-pci-dss-compliance/) part of everyday business processes and best practices for maintaining ongoing PCI DSS compliance.