Viewing posts for the category PCI DSS

Microsoft My Bulletins & PCI Compliance

Microsoft just released a new tool for their Security TechCenter. It's a pretty straightforward service called My Bulletins [^1]. Basically, it provides a customized dashboard that presents Microsoft security bulletins. The nice thing is that you can customize the dashboard to receive notices only for those Microsoft products you use and care about.



PCI Policy Documentation

Without fail, the first time an organization goes through the PCI gap assessment, remediation, and assessment cycle, it underestimates the amount of specificity required by the PCI DSS. Smaller companies will spend a significant amount of time drafting and adopting new policies within their organization, while larger companies will spend their time trying to find which existing policies satisfy which requirements, making adjustments as necessary.



My Software is End-of-support, Who Cares?

With the ultimate demise of Windows XP come questions of what it really means that software is "unsupported." I get this question a lot when a client reads through a penetration test report for their environment and wants to know why they can't use an out-of-date version of XYZ webserver software or Windows XP (which, by the way, was supported for just shy of twelve years).




Self-Assessment Questionnaire C-VT Explained

With the newest version of the PCI DSS came a new SAQ type: SAQ C-VT. This particular SAQ form is geared toward a special branch of merchant. Even though SAQ C-VT qualifying merchants use the Internet to process credit card data, they do it in such a way that most of the responsibility for security is offloaded to a third party. In order to qualify for SAQ C-VT, merchants must use a third-party virtual terminal to process all credit card transactions.

