Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Get Ready for PCI 3.0 SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Get Ready for PCI 3.0

RIght on schedule (see their lifecycle doc at https://www.pcisecuritystandards.org/pdfs/pci_lifecycle_for_changes_to_dss_and_padss.pdf), the folks at PCI DSS have released a "what to expect" document for PCI 3.0.  I'm a bit late commenting on this - somehow I missed this when it was posted in August.  Specifically called out in the doc are:

  • Lack of education and awareness
  • Weak passwords, authentication
  • Third-party security challenge
  • Slow self-detection, malware
  • Inconsistency in assessments


The change document is here: https://www.pcisecuritystandards.org/documents/DSS_and_PA-DSS_Change_Highlights.pdf

It'll be interesting to see what the final document will look like when it's released in November, and what happens when QSA's turn the PCI guidance into audit findings and recommendations.

==============
Rob VandenBrink
Metafore

 Rob VandenBrink

546 Posts
ISC Handler
Sep 5th 2013
Subscribe Sep 5th 2013
7 years ago

Sign Up for Free or Log In to start participating in the conversation!