PCI Readiness Series: PCI Requirement 9

by KirkpatrickPrice / December 19, 2022

PCI Requirement 9: Restrict Physical Access to Cardholder Data

PCI Requirement 9 evaluates all aspects of physical security controls to cardholder data – updated devices, visitor badges, security cameras, etc. The PCI DSS states, "Any physical access to data or systems that house cardholder data provides the opportunity for individuals to access devices or data and to remove systems or hardcopies, and should be appropriately restricted." There are ten sub-requirements…

PCI Readiness Series: Penetration Testing

by KirkpatrickPrice / December 19, 2022

Building a Comprehensive Penetration Testing Methodology

We often see clients struggling with the new requirements for penetration testing with regard to PCI compliance. The intent behind the new penetration testing methodology is to define the means and the methods by which a penetration test will be executed in your organization’s environment. Your organization’s penetration testing methodology should define the things that a penetration tester needs to do in order for…

PCI Readiness Series: PCI Requirement 8

by KirkpatrickPrice / December 19, 2022

This session in our PCI Readiness Series dives into PCI Requirement 8, specifically about identifying and authenticating access to system components. In this webinar, we will cover strong, secure passwords in transmission and storage, disabling accounts for terminated employees and unused accounts, changing default passwords, and disabling generic accounts with shared usernames and passwords. PCI Requirement 8 establishes non-refutability and authentication security, covers all systems and applications, and has…

PCI Readiness Series: Scoping the Assessment

by KirkpatrickPrice / December 19, 2022

How to Scope a PCI Assessment

Knowing how to scope a PCI assessment is crucial to your organization’s compliance. Defining a correct scope is the first and most important step. Scoping is so vital that assessors should not even begin the assessment until they have fully determined the scope. So, how does your organization determine if an asset is in scope? Any people, process, or technology that stores, processes, or…

PCI Readiness Series: PCI Requirement 7

by KirkpatrickPrice / December 19, 2022

What is PCI Requirement 7?

In this webinar, our PCI expert spotlights PCI Requirement 7, which states, “Restrict access to cardholder data by business need-to-know.” This requirement focuses on authorization and establishing a program of least privileges. PCI Requirement 7 supports the implementation of many of the controls in PCI Requirement 8. In this webinar, we'll discuss several elements of creating a strong access control system, such as…