« Log Intelligence Jumps Outside the Box at VeriSign | Main | Survey: Most insider-related data breaches go unreported »

PCI Standard Gets Teeth

Often standards emerge out of necessity. Take the case of Payment Card Industry (PCI) Data Security Standard, something we are very focused on here at LogLogic. The standard for compliance was borne out of necessity and the scope of the requirements were adopted from Visa and MasterCard's own policies of how they felt it should be set up -- and is focused on those requirements that are key to their operations.

Last week American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced the formation of an independent council designed to manage the ongoing evolution of PCI DSS. The newly minted PCI Security Standards & Council's stated goal is to improve payment account security. This is great news for consumers and vendors in advance of a significant shopping season.

As part of their first order of business, the group is proposing some key changes to the standard, notably releasing a new set of technical criteria that will address evolving security threats. And front and center is some policies on logging data, monitoring and retaining data. The new directive Payment Card Industry Data Security Standard (DSS) v 1.1 is available here (pdf) and notably calls for merchant data to be retained for one year to meet compliance.The new set of guidelines will be the only recognized standard, says the Council, beginning January 2007.

Technorati : Compliance, PCI, PCI Compliance

Posted September 11, 2006 in Compliance , Security | Permalink

---

Visit loglogic.com

Subscribe to this blog’s feed

• November 2007
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006
• September 2006
• August 2006
• July 2006
• June 2006
• May 2006
• April 2006
• March 2006
• February 2006
• January 2006
• December 2005
• November 2005
• October 2005
• September 2005

Blogroll

• CynergisTek
• Bruce Schneier
• InfoSecDaily

Compliance

• Continuity Central
• Compliance Pipeline
• SOX Compliance Journal
• Sarbanes-Oxley 101

Good Reading

• Log Management ROI
• Log Management Best Practices
• SANS Institute Log Management White Paper

LogLogic

• O’Reilly
• Anton Chuvakin
• LogLogic.Com
• Jian Zhen

LogLogic Partners

• Juniper Networks
• ONStor
• Counterpane
• Bluecoat

Sites We Watch

• The Merc
• CRN
• IT Architect
• The Reg
• Security Focus
• Slashdot
• TechWeb
• SANS
• C/Net
• CIO Insight
• InformationWeek
• Jamie Lewis - Burton Group
• eWeek
• IT Manager's Journal
• MIT Magazine
• VNU