Monthly Archives: May 2012

PCI DSS Vulnerability & Penetration Testing

As a standard that pays a lot of attention to practical activities, the PCI DSS mandates a range of testing activities. We frequently see confusion about what needs to be tested, how and when. At the end of this post is a link to our short guide to all PCI DSS testing requirements. Some key…

New QIR Program for Integrators and Resellers

If you’re an integrator or reseller of a PA-DSS application or a PA-DSS software vendor implementing PA-DSS applications within the merchant environment, then this will be of interest to you. The PCI SSC has announced the Qualified Integrators and Resellers program. This will train and certify software integrators and resellers on the secure installation…

PCI DSS Mandatory Risk Ranking

PCI requirement 6.2 “Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities” includes the additional note: “The ranking of vulnerabilities as defined in 6.2.a is considered a best practice until June 30, 2012, after which it becomes a requirement.” As the summer (at least in the Northern Hemisphere) is…