Posts by Dustin Rich

Dustin is a Senior Manager at A-LIGN and has performed and/or managed hundreds of PCI DSS assessments over the past 11 years. As an IT professional with over 20 years of IT experience, Dustin has the technical background and experience to manage large complex IT environments. Dustin has worked with Fortune 500 companies, large retail environments, higher education, independent sales organizations (ISO), payment gateways, and merchant and issuing banks.
01.30.2020
Understanding PCI DSS Requirement 6.4.6

How do significant changes affect PCI DSS? PCI DSS 6.4.6 is a requirement that organizations use to ensure that appropriate controls have been reviewed and implemented.
07.30.2019
How to Know if an MSP is PCI DSS Compliant

Managed service providers (MSPs) provide a valuable service by outsourcing information technology services, but they need to be compliant with the Payment Card Industry Data Security Standard (PCI DSS) – and just because they say they’re PCI DSS compliant doesn’t mean they’re a good fit. Below are our tips to go beyond the PCI DSS […]
02.13.2019
Alert: High Severity Vulnerability to runC

A high-severity vulnerability in runC was discovered this week that could affect the security of customers running virtual or cloud service environments.
01.25.2018
PCI DSS v3.2 and the Penetration Testing Requirements for Service Providers

In April 2016, the Payment Card Industry Security Standards Council (PCI SSC) released PCI Data Security Standard (PCI DSS) version 3.2. With the updates came clarifications to requirements, additional guidance, and seven new requirements.
07.20.2017
PCI DSS: Updated Penetration Testing Requirements – Frequently Asked Questions

Is your organization prepared for the upcoming PCI DSS requirement going into effect? To prepare your organization for this change, our team has assembled an FAQ to address any of your potential questions. Read now: What to Expect from PCI DSS 3.2 What is the new penetration testing requirement? Requirement 11.3.4.1 requires that organizations perform […]
02.22.2017
Outline of Guidance for PCI DSS Scoping and Network Segmentation
To clarify scoping and network segmentation principles in PCI DSS, the PCI SSC has released additional guidance to help organizations identify which systems are considered in scope for PCI DSS assessments. This guidance was developed by industry experts and the PCI SSC Board of Advisors in order to assist organizations in […]
01.12.2017
3 Security Trends that will Continue in 2017
With the ushering in of another new year, I find myself acting nostalgic, wondering where the previous year went and of course pondering the year ahead. Here are three security and commerce trends which will continue in 2017. Healthcare Data Breach According to the Privacy Rights Clearinghouse, healthcare data breaches in 2016 comprised of 290 […]
11.18.2016
Visa Global Registry of Service Providers: Are you on the list?

Visa has released new tools and changes, which add value to service providers who store, process, or transmit cardholder data on behalf of merchants or other entities. For years, Visa has offered service providers the Visa Global Registry of Service Providers, a prestigious list of entities which meet certain criteria and have completed a PCI […]
05.16.2016
What to Expect from PCI DSS 3.2
Earlier this year, we wrote about how to prepare for PCI DSS 3.2. Now, organizations should begin to implement changes with the PCI DSS 3.2 official release. These standards should be adopted as soon as is possible, as version 3.1 will expire on October 31, 2016 with all new requirements being implemented February 1, 2018 […]
05.12.2016
PCI DSS Scoping for Colocation Providers: To Include or Not to Include?
Author: Dustin Rich, CISSP, (ISC)2, CISA, ISACA, PCI QSA, PA QSA, MCSE, CCNA, CCA, and Managing Consultant at A-LIGN. A-LIGN is heavily involved in the colocation industry, performing PCI DSS assessments as well as additional compliance audits to colocation providers throughout the US, as well as internationally. When approached by clients about adhering to PCI […]