Filed under: Web and Application Security
Tags: pa-dss, pci, pci dss, pci security standards council, WAF, web application firewall, windows security
Version 2.0 of PCI DSS and PA-DSS do not introduce any new major requirements. Key updates, clarifications and guidance include:
- Reinforcement of need for thorough scoping exercise prior to PCI DSS assessment in order to understand where cardholder data resides.
- Support for centralized logging included in PA-DSS to promote more effective log management.
- Validation, within certain requirements, of risk-based approach for addressing vulnerabilities, allowing organizations to consider their specific business circumstances and tolerance to risk when assessing and prioritizing vulnerabilities.
- Greater alignment between PCI DSS and PA-DSS to facilitate stronger security practices.
“The relatively minor revisions are a testament to the maturity of the standards and their ability to protect sensitive card data,” said Bob Russo, general manager, PCI Security Standards Council. “With the changes to the PCI DSS and PA-DSS outlined in advance, organizations will be better prepared to align their security programs with the updated standards and ensure security of their cardholder data.”
Ensure that you are complying to all current and future PCI standards by having an effective Web Application Firewall in place, such as ServerDefender VP; an important part of an organizations overall Web security plan. To find out more information on how ServerDefender VP can help you with your Windows Server security strategy, visit our ServerDefender VP product page.
/P80No Comments »