
3 Key Challenges To Being PCI 3.2 Compliant and How To Resolve Them
The latest revision to PCI DSS, PCI 3.2, sets out specific security requirements for handling, processing, transmitting and storing cardholder data. PCI 3.2 gives retail, healthcare, finance and hospitality organizations an opportunity to reduce theft, exposure and leakage of their customers' personal and payment card information by strengthening security controls that have weakened over time.
For example, PCI 3.2 adds requirements for multi-factor (two-factor) authentication, for preventing weak passwords and for restricting access to cardholder data.
Despite the benefits, compliance with PCI 3.2 is not without its challenges.
Tedious Audits
Attaining compliance often takes a great deal of time and effort, so some organizations focus on passing the PCI audit and proving compliance at that single point in time. Over the following months, configuration changes push the environment out of compliance, making it less secure and increasing cybersecurity risk.
The result is that the next audit demands even more effort, time and resources, to get back to a compliant state.
Configuration Drift
Even once PCI DSS compliance has been achieved, it is easy to be lulled into a false sense of security and assume that being compliant means being secure. This is when systems "drift" out of compliance, even though at a particular point in time the organization underwent third-party penetration testing and vulnerability assessments and passed an audit.
However, the PCI Security Standards Council states “to ensure security controls continue to be properly implemented, PCI DSS should be implemented into BAU (business as usual) activities as part of an entity’s overall security strategy.”
BAU translates into continuous compliance every day.
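Continuous compliance is easier to reason about with a concrete drift check in hand. The following is an added example, not code from the original post or from Tripwire: it takes a SHA-256 baseline of a set of configuration files and diffs it against the current state (the kind of change detection PCI DSS requirement 11.5 asks for), then checks a simple authentication-policy file against four PCI DSS 3.2 requirement 8 thresholds (minimum password length 7 with letters and digits, 8.2.3; rotation within 90 days, 8.2.4; lockout after at most six attempts, 8.1.6; idle timeout of 15 minutes, 8.1.8). The `key = value` policy format, the file paths and the file contents are constructed for the example; a real deployment would read the paths from disk and schedule the check daily.

```python
"""Added example (not from the original post): a minimal configuration-drift
check of the kind that 'business as usual' continuous compliance implies.

1. A file-integrity baseline (SHA-256 per file) diffed against the current
   state, in the spirit of PCI DSS requirement 11.5 change detection.
2. A check of a constructed 'key = value' auth policy against a few
   PCI DSS 3.2 requirement 8 thresholds.
"""
import hashlib
import re

# PCI DSS 3.2 requirement 8 thresholds (8.2.3, 8.2.4, 8.1.6, 8.1.8).
PCI_PASSWORD_MIN_LEN = 7
PCI_PASSWORD_MAX_AGE_DAYS = 90
PCI_MAX_LOGIN_ATTEMPTS = 6
PCI_IDLE_TIMEOUT_MIN = 15


def snapshot(files):
    """Map each path to the SHA-256 hex digest of its content.
    `files` is {path: bytes}; constructed here, read from disk in practice."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def drift(baseline, current):
    """Compare two snapshots and return added, removed and modified paths."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def parse_kv(text):
    """Parse 'key = value' lines; blanks and '#' comments are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"(\w+)\s*=\s*(\S+)", line) if line else None
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def _int(settings, key):
    """Integer setting, or 0 when missing or non-numeric (treated as failing)."""
    try:
        return int(settings.get(key, 0))
    except ValueError:
        return 0


def check_auth_policy(text):
    """Return a list of findings; an empty list means every threshold is met."""
    s = parse_kv(text)
    findings = []
    if _int(s, "minlen") < PCI_PASSWORD_MIN_LEN:
        findings.append(f"8.2.3: minlen {_int(s, 'minlen')} < {PCI_PASSWORD_MIN_LEN}")
    if s.get("require_alnum", "no") != "yes":
        findings.append("8.2.3: passwords not required to mix letters and digits")
    if not 0 < _int(s, "maxdays") <= PCI_PASSWORD_MAX_AGE_DAYS:
        findings.append(f"8.2.4: maxdays {_int(s, 'maxdays')} not in 1..{PCI_PASSWORD_MAX_AGE_DAYS}")
    if not 0 < _int(s, "lockout_attempts") <= PCI_MAX_LOGIN_ATTEMPTS:
        findings.append(f"8.1.6: lockout_attempts {_int(s, 'lockout_attempts')} not in 1..{PCI_MAX_LOGIN_ATTEMPTS}")
    if not 0 < _int(s, "idle_timeout_min") <= PCI_IDLE_TIMEOUT_MIN:
        findings.append(f"8.1.8: idle_timeout_min {_int(s, 'idle_timeout_min')} not in 1..{PCI_IDLE_TIMEOUT_MIN}")
    return findings


# Constructed sample data: the state at audit time and the state some weeks later.
AUTH_OK = b"minlen = 8\nrequire_alnum = yes\nmaxdays = 90\nlockout_attempts = 6\nidle_timeout_min = 15\n"
AUTH_DRIFTED = b"minlen = 6\nrequire_alnum = yes\nmaxdays = 180  # relaxed\nlockout_attempts = 6\nidle_timeout_min = 15\n"
BASELINE_FILES = {
    "/etc/pci/auth_policy.conf": AUTH_OK,
    "/etc/pci/firewall.rules": b"allow tcp 443 from any\ndeny all\n",
}
CURRENT_FILES = {
    "/etc/pci/auth_policy.conf": AUTH_DRIFTED,
    "/etc/pci/firewall.rules": b"allow tcp 443 from any\nallow tcp 23 from any\ndeny all\n",
    "/etc/pci/debug.conf": b"debug = on\n",
}


def report(baseline_files, current_files):
    """Drift summary plus requirement 8 findings for the current auth policy."""
    d = drift(snapshot(baseline_files), snapshot(current_files))
    policy = current_files.get("/etc/pci/auth_policy.conf", b"").decode()
    return {"drift": d, "auth_findings": check_auth_policy(policy)}


if __name__ == "__main__":
    for key, value in report(BASELINE_FILES, CURRENT_FILES).items():
        print(key, value)
```

The hash diff tells you that something changed (including the telnet rule and the new debug file that no policy parser would catch); the requirement 8 check tells you whether what changed still meets the standard. Running both on a schedule, and reviewing every reported change against an approved change record, is what turns a point-in-time pass into business-as-usual compliance.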
Technical Skills Gap
Organizations must comply with PCI 3.2 and mitigate growing cybersecurity risks while grappling with the technical skills gap.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Onyeka Jones. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/pci/3-key-challenges-to-being-pci-3-2-compliant-and-how-to-resolve-them/