Posts Categorized: ROC

ROC Reporting Template, PCI DSS V3

The PCI SSC has released the official ROC reporting template for PCI DSS version 3. This is important because it means that QSA companies can now conduct on-site assessments using PCI DSS version 3. The reporting instructions are available for public inspection here.

New: Mobile Payment Acceptance Guidelines

Fresh from the PCI SSC – Mobile Payment Acceptance Guidelines. These are guidelines on payment acceptance using smartphone apps, and will be interesting reading to many of our readers. Download from here.

PCI DSS Mandatory Risk Ranking

PCI requirement 6.2 “Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities” includes the additional note: “The ranking of vulnerabilities as defined in 6.2.a is considered a best practice until June 30, 2012, after which it becomes a requirement.” As the summer (at least in the Northern Hemisphere) is…