Friday, November 12, 2010

The PCI Security Standards Council Updates PCI DSS (V2.0)

Changes are logging-focused & intended to help businesses improve compliance and security

The PCI Security Standards Council (XYPRO is a member) has officially unveiled updated versions of its compliance standards, with changes meant to clarify the requirements organizations face. The changes come as a direct result of the feedback the PCI Security Standards Council has received, and should help your business with its security and compliance efforts.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

The key revisions cover areas such as log management and scoping the environment to understand where cardholder data resides. In fact, the council is pushing hard for centralized logging, stating that:

“If you don’t use a centralized logging facility your auditors will have to look in more places, and chances are, if they have to look in more than one place... you’ll wind up missing some of this stuff. It is a proven fact that every time we find a breach, it’s always found in the log.”

This change also coincides with HP including XYGATE Merged Audit software with every new NonStop server order.

The centralized NonStop audit data can also be sent off-box to a centralized logging facility such as HP's CLW and ArcSight offerings, meeting the centralized logging facility requirement at the enterprise level.

There were also revisions meant to enable organizations to develop a risk-based assessment approach based on their specific business circumstances, as well as changes aimed at small merchants to simplify their compliance efforts.

The new versions will become effective Jan. 1.

For more information about the XYGATE Solution, visit www.xypro.com.
