category:

PCI DSS

Article

NIST SP 800-171 Framework Series: Access Control

Who has access, or rather who should have access, to your organizational systems and data? Organizations that handle personally identifiable information or other sensitive information types must take extra steps to ensure access to that information is closely controlled.

NIST Framework
Read More about the NIST SP 800-171 Framework Series: Access Control
Article

Diagramming the Cardholder Data Flow

Before you can protect your organization from a payment card data breach, you must first know the different locations, methods, and systems by which you are accepting payments. A data flow diagram should identify where cardholder data is stored, processed, or transmitted within the network, and between individual systems and devices.

PCI DSS
Read More about the Diagramming the Cardholder Data Flow
Article

Landing Your Organization in the Service Provider Role

If part of your organization is a legally separate entity and has a separate relationship with their acquiring bank with their own Merchant IDs, then the entity providing the payment support services is likely acting as a PCI service provider.

PCI DSS
Read More about the Landing Your Organization in the Service Provider Role
Article

Incident Management: Planning a Tabletop Exercise

A tabletop exercise shouldn't require extensive resources and should help you validate effective policies and procedures, strengthen relationships with team members and partners, and identify any critical gaps or weaknesses in your disaster recovery efforts.

Incident Response
Tabletop Exercise Planning about the Incident Management: Planning a Tabletop Exercise
Article

Structuring your Compliance and Security Team

How do you go about structuring your compliance and security team and who needs to be involved? Assembling a team responsible for developing goals, identifying relevant departments, and maintaining communication with the rest of the campus community is an essential component.

PCI DSS
Read More about the Structuring your Compliance and Security Team
Article

DFARS Cybersecurity Requirements

DFARS provides a set of basic security controls based on National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) that should be applied to all systems processing, storing, or transmitting this information.

NIST Framework
Read More about the DFARS Cybersecurity Requirements
Article

SSL/Early TLS: Deadline for Migration

Per the PCI DSS, all entities must have ceased use of SSL/early TLS as a security control, and use only secure versions of the protocol, after June 30, 2018.

PCI DSS
Read More about the SSL/Early TLS: Deadline for Migration
Article

What Is Network Segmentation Testing?

Learn more about network segmentation, a common practice to reduce risk by restricting access to secure networks like your cardholder data environment (CDE) from less secure networks like your student wireless.

Penetration Testing
Read More about the What Is Network Segmentation Testing?
Article

DSST Testing Centers – A PCI Concern?

When a computer workstation is used for processing payments, it must be secured to only allow access to documented and approved functions and web sites and should be segmented from the rest of the institution’s network. Here are a few of the controls that must be implemented:

PCI DSS
Read More about the DSST Testing Centers – A PCI Concern?