
Some facts about the PCI DSS standard and the way it is assessed.

Updated: Oct 6, 2020

PCI DSS applies to the environment that processes, transmits or stores cardholder data (the cardholder data environment, or CDE).

What if a business cannot close a gap against a requirement? How do you tackle that problem as an assessor?

Work with the customer to define a compensating control for the requirement that cannot be met directly. Measure the risk before and after the compensating control is implemented: has the risk been reduced, to what level, and is that level acceptable? Put additional monitoring in place to confirm that the risk stays mitigated and that the intent of the base requirement is met. Finally, make sure the compensating controls, taken together, provide the same rigor as the original control they replace; a compensating control that is weaker than the requirement it stands in for does not close the gap.

Does a gap in the assessor's understanding of a technology or its technical controls compromise the quality of the assessment?

Yes, absolutely. To be a good assessor or auditor, it is essential to develop at least the minimum skills required for the technology within the scope of the assessment. To be straight and honest, this is one of the biggest issues and challenges in the industry right now. I have personally seen reports written that were very far from both the requirement and the reality.

Even though the standard is very directive and descriptive in nature, an assessor should not blindly follow it line by line. One needs to apply the best of one's skills and knowledge, and reason about what is actually in place, before drawing any conclusion.

It is very important for all of us to work towards bringing out the best, so that we can create a world that is secure and safer for everyone. Keep following a continuous improvement cycle. I recommend applying a capability maturity assessment model to individuals first, then to teams and the organisation, to understand the gaps and be able to move forward.
