New PCI DSS standard to cover cloud

Compliance joins bandwagon

The next iteration of the Payment Card Industry Data Security Standard (PCI DSS) will cover virtualisation security, and cloud architectures in particular, it has been confirmed. Bob Russo, the General Manager of the PCI Council, said: “We’ve had a lot of feedback that virtualisation guidelines are required, and we’ll be working on exactly what form these will take over the next six months. It’s a huge and complex area, and needs a lot of definition work to be done. Of course, we don’t want to come out with a new standard so draconian that it bumps everyone out of compliance!”

A new, updated PCI standard is due to be released mid-2010. New Special Interest Groups (SIGs) are also due to be established in response to increased demand. “We’ve had 15-20 requests for new SIGs, and we’ll be taking several of these forward. Suggestions include ATM, and specific verticals such as hospitals, hotels and airlines”, continued Russo.

The recently formed Wireless Group SIG published its first report in July 2009, and is due to produce another covering Bluetooth implementations, which are often used in POS situations. Wireless security is still a topic of some sensitivity following the well-publicised breach of 45.7 million credit and debit card numbers at TJX in 2007.

“One thing we are extremely keen on is reducing the scope of compliance, so making it less of a resource drain. On the other hand, we don’t end up with a box-ticking mentality to compliance, or all-in-one single solutions – that would be the opposite of success. It’s all about people, processes and technology, in that order”, continued Russo.

The PCI Council has just completed a consultation process across merchants, service providers, financial institutions, vendors, QSAs, ASVs and third-party experts. This information will now be discussed and reviewed by the Council and Board of Advisors.

The PCI Security Standards Council was formed by payment card brands including American Express, JCB, MasterCard and Visa to provide a development forum for the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Applications Data Security Standard (PA-DSS).



