The PCI Guide includes interactive and printable IT checklists for every requirement, stories and tips from our security analysts (QSAs), forensic data breach research data, as well as the latest updates on PCI DSS compliance.
The year 2020 was challenging for most of the world. And with a global pandemic and lockdowns, businesses had to scramble to stay afloat and deal with new payment data security variables such as remote workers, an increase in cybersecurity threats, and changes in operations to almost all areas of their business.
In the face of these challenges, PCI DSS compliance is more important for merchants than ever. The Payment Card Industry Data Security Standard was established in 2006 to help merchants protect payment data. Compliance with the PCI DSS is an industry requirement for any company that accepts major credit cards and can help them develop their own robust security program.
The PCI DSS has twelve requirements, each of which covers a different aspect of security. According to SecurityMetrics forensic research data–based on investigations of breached companies–no investigated business that was breached was compliant with all twelve requirements at the time of the compromise. In many cases, noncompliance with requirements like logging and log management (requirement 10) and vulnerability scanning (requirement 11) directly contributed to the data breaches.
The good news is that these and other security issues are fixable, and SecurityMetrics’ mission is to help you fix them, maintain compliance, and avoid payment data compromise. Every year, SecurityMetrics’ teams collaborate to update and release the Guide to PCI DSS Compliance in accordance with this goal.
The PCI Guide includes interactive and printable IT checklists for every requirement, stories and tips from our security analysts (QSAs), forensic data breach research data, as well as the latest updates on PCI DSS compliance. It is meant to be a tool in the arsenal of a CISO, IT manager, security officer, or anyone involved in security and compliance.
Audit Director, Matt Halbleib (CISSP, CISA, QSA), said "We publish our guide to give businesses of all sizes a tool to understand and organize their PCI compliance efforts. Maintaining PCI compliance in an environment-specific way helps businesses protect their data, detect breaches, and keep cybercriminals off their network."
The 2021 PCI DSS Guide has been updated to include:
"Businesses who utilize the Guide to PCI DSS Compliance can better organize their compliance efforts and understand the way PCI compliance requirements affect cybersecurity. On top of that, the PCI Guide is a great training tool when assigning new resources to your PCI compliance effort,” said SecurityMetrics VP of Assessments Gary Glover (CISSP, CISA, QSA).
The SecurityMetrics PCI Guide includes forensic investigations results from 2020. These results include data on which PCI DSS requirements were or were not implemented at the time of compromise, whether non-compliance contributed to the breach, as well as forensic takeaways to help businesses connect PCI compliance to cybersecurity and better protect against threat actors.
Interestingly, noncompliance with vulnerability scanning, penetration testing, and risk management requirements contributed frequently to data breaches.
REQUIREMENT 1: Protect Your System With Firewalls
REQUIREMENT 2: Use Adequate Configuration Standards
REQUIREMENT 10: Implement Logging and Log Monitoring
REQUIREMENT 11: Conduct Vulnerability Scans and Penetration Testing
REQUIREMENT 1: Protect Your System With Firewalls
REQUIREMENT 2: Use Adequate Configuration Standards
REQUIREMENT 10: Implement Logging and Log Monitoring
REQUIREMENT 11: Conduct Vulnerability Scans and Penetration Testing
Forensic contributions also include predictions about what threat and data breach trends we will see in 2021. These predictions include issues like e-commerce attacks, remote virtual meetings, and a return to cybercrime in the physical world.
The PCI DSS is a security standard that can provide an organized and comprehensive framework for any environment. It includes specific SAQs, based on variables like the way companies take payment information. These SAQs cover which specific places businesses need to look to start their data security programs and can save companies time and money.
Download a copy of the SecurityMetrics Guide to PCI DSS Compliance here to get started.
“I needed quick and straightforward guidance on how the PCI DSS requirements apply to software development. I was able to quickly find what I needed written in a way that was both quickly digestible and highly understandable. This resolved the concerns we had and reinforced the importance of the standardization of process controls we are putting in place.”–kconway, Freedom Mobile
“This is a fantastic guide for merchants on any level to work towards becoming PCI compliant, it also serves as a great resource to train future hires!”
“Excellent guide to PCI compliance which provides a manageable template to develop internal policies and procedures.”
“The Security Metrics Guide was very comprehensive and definitely extremely useful. I especially benefited from the IT checklist guide.”
“...SecurityMetrics Guide to PCI DSS Compliance is a one-stop guide to ensuring your organization is PCI DSS compliant. This is the best comprehensive guide I've found.”
“Made us aware of a lot of details concerning our security... also our service provider responsibilities, which we were not aware of. Provided us with valuable tips for firewalls and explained a lot of terminology that was unknown before PCI DSS.”
.svg)
