Posts Categorized: ROC

ROC Reporting Template, PCI DSS V3

The PCI SSC has released the official ROC reporting template¬†for PCI DSS version 3. This is important because it now means that QSA companies can now conduct on-site assessments using¬†PCI DSS version 3. The reporting instructions are available for public inspection here.   Related Posts: PCI Penetration Testing 5 Essential Tips For Those New To… Read more »

New: Mobile Payment Acceptance Guidelines

Fresh from the PCI SSC – Mobile Payment Acceptance Guidelines. These are guidelines on payment acceptance using smartphone apps, and will be interesting reading to many of our readers. Download from here. Useful links: https://www.ambersail.com/what-is-sequel-injection/ https://www.ambersail.com/pci-dss-penetration-test-policy/ https://www.ambersail.com/blocking-your-penetration-tester/ https://www.ambersail.com/gdpr-now-the-dust-has-settled/

PCI DSS Mandatory Risk Ranking

PCI requirement 6.2 “Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities” includes the additional note: “The ranking of vulnerabilities as defined in 6.2.a is considered a best practice until June 30, 2012, after which it becomes a requirement.” As the summer (at least in the Northern Hemisphere) is… Read more »