How to Know if an MSP is PCI DSS Compliant

PCI DSS Compliance

Managed service providers (MSPs) provide a valuable service by outsourcing information technology services, but they need to be compliant with the Payment Card Industry Data Security Standard (PCI DSS) – and just because they say they’re PCI DSS compliant doesn’t mean they’re a good fit. Below are our tips to go beyond the PCI DSS […]

Read More

Alert: High Severity Vulnerability to runC

CVE-2019-5736 Detail

A high severity vulnerability to runC was discovered this week that could have an impact on the security of customers running with virtual or cloud service environments. 

Read More

PCI DSS v3.2 and the Penetration Testing Requirements for Service Providers

Penetration-test-PCI

In April 2016, the Payment Card Industry Security Standards Council (PCI SSC) released PCI Data Security Standard (PCI DSS) version 3.2.  With the updates came clarification to requirements, additional guidance, and the additional seven new requirements.

Read More

PCI DSS: Updated Penetration Testing Requirements – Frequently Asked Questions

pci-dss

Is your organization prepared for the upcoming PCI DSS requirement going into effect? To prepare your organization for this change, our team has assembled an FAQ to address any of your potential questions. Read now: What to Expect from PCI DSS 3.2 What is the new penetration testing requirement? Requirement 11.3.4.1 requires that organization perform […]

Read More

Outline of Guidance for PCI DSS Scoping and Network Segmentation

In order to clarify scoping and network segmentation principles in PCI DSS, the PCI SSC has released additional guidance in order to help organizations identify what systems are considered in scope for PCI DSS assessments. This guidance was developed by industry experts and the PCI SSC Board of Advisors in order to assist organizations in […]

Read More

3 Security Trends that will Continue in 2017

With the ushering in of another new year, I find myself acting nostalgic, wondering where the previous year went and of course pondering the year ahead. Here are three security and commerce trends which will continue in 2017. Healthcare Data Breach According to the Privacy Rights Clearinghouse, healthcare data breaches in 2016 comprised of 290 […]

Read More

Visa Global Registry of Service Providers: Are you on the list?

compliance-trek

Visa has released new tools and changes, which add value to service providers who store, process, or transmit cardholder data on behalf of merchants or other entities. For years, Visa has offered service providers the Visa Global Registry of Service Providers, a prestigious list of entities which meet certain criteria and have completed a PCI […]

Read More

What to Expect from PCI DSS 3.2

Earlier this year, we wrote about how to prepare for PCI DSS 3.2. Now, organizations should begin to implement changes with the PCI DSS 3.2 official release. These standards should be adopted as soon as is possible, as version 3.1 will expire on October 31, 2016 with all new requirements being implemented February 1, 2018 […]

Read More

PCI DSS Scoping for Colocation Providers: To Include or Not to Include?

Author: Dustin Rich, CISSP, (ISC)2, CISA, ISACA, PCI QSA, PA QSA, MCSE, CCNA, CCA, and Managing Consultant at A-LIGN. A-LIGN is heavily involved in the colocation industry, performing PCI DSS assessments as well as additional compliance audits to colocation providers throughout the US, as well as internationally. When approached by clients about adhering to PCI […]

Read More

Preparing for PCI DSS 3.2 in 2016

  Author: Dustin Rich, CISSP, (ISC)2, CISA, ISACA, PCI QSA, PA QSA, MCSE, CCNA, CCA, and Managing Consultant at A-LIGN. This update, which will likely take place of the previously anticipated Q4 2016 update, will include changes that aim to take into account “market feedback” while also observing “trending attacks causing compromises.” Specific changes noted […]

Read More