Wednesday, February 20, 2019
  • Data Breach at Stanford Exposes Student Records, Personal Info
  • Avast Security-Themed Events at MWC 2019 | Avast
  • Even with security flaws, you should be using a password manager
  • Security Startup Boldly Claims ‘No False Positives’
  • Google in hot water after not revealing it had hidden a secret microphone in home alarm product

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

by David Bisson on August 5, 2018

Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, there are certain challenges along the way that can make organizations’ compliance with PCI DSS 3.2 superficial and short-lived.

To beat those challenges, organizations need to go beyond the checkbox and pursue PCI compliance as a continuous process. One of the ways they can do this is by mapping the six objectives and 12 requirements in version 3.2 of the Standard to the Center for Internet Security’s Critical Security Controls (“the CIS Controls”). In so doing, organizations can learn where they need to adjust their efforts to maximize the efficacy of their digital security programs.

Below is a breakdown of how certain CIS Controls, in particular, can help with achieving and maintaining PCI compliance.

PCI Objective #1: Build and Maintain a Secure Network

Under the first objective of PCI DSS 3.2, organizations must build and maintain a secure network by fulfilling two requirements:

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Five of CIS Controls can help organizations fulfill this objective and its two attending requirements. Companies can start with Control 5 to secure the configurations of their hardware and software. If they implemented Control 5 successfully, organizations will be equipped to fulfill Control 11 and achieve secure configurations for network devices. They can then use Control 7 to ensure email and web protections, including the use of only fully supported browsers and email clients. On top of those measures, organizations can perform regular automated port scans and manage all devices remotely logging (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/pci/how-the-cis-controls-can-help-you-achieve-pci-dss-3-2-compliance/

August 5, 2018August 6, 2018 David Bisson cis controls, Featured Articles, PCI, PCI DSS, Vulnerability Management
  • ← The Top Security Tools to Use Across the Cyber Kill Chain
  • Security as a Quality Gate for DevOps →
Featured Blog

Verodin Blog

Security Instrumentation for the Casino & Gaming Industry by Brian Contos

Verodin Blog

The Transformation of Talent & Technology by Kevin Morrison

Verodin Blog

Instrumenting Carbon Black with Verodin SIP

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

WordPress Sites Hacked Through Vulnerable Payment Forms Plug-in
Cybersecurity Issues in Mobile App Development
Trust Nothing if You Want Real Security
Password Security Fears Strong Among IT Pros
How the FFE’s Expansion to the U.S. Will Help Combat Financial Cyberattacks
Rietspoof Malware Family Increases Activity | Avast
A Breakdown of Azure® AD
The Inaugural RSA Conference Launch Pad: Empowering Early-stage Innovators In Cybersecurity
Securing Clients in SAP S/4HANA and Netweaver ABAP
Preventing Illegal Robocalls, Webcam Spying, Dating App Account Hacking – WB56

Upcoming Webinars

Tue 26

Reducing Risk of Credential Compromise at Netflix

February 26 @ 1:00 pm - 2:00 pm
Apr 01

Container Security: Securing from Within

April 1 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Mobile-to-Mainframe: The Definitive Guide to Achieving Compliance

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Failure to Plan: 3 Unexpected Security Challenges That Undermine Your CISO
CISO Suite Cybersecurity Industry Spotlight Security Boulevard (Original) 

Failure to Plan: 3 Unexpected Security Challenges That Undermine Your CISO

February 20, 2019 Stephen Moore | 2 hours ago 0
Password Security Fears Strong Among IT Pros
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

Password Security Fears Strong Among IT Pros

February 19, 2019 Majid Latif | Yesterday 0
Cybersecurity Issues in Mobile App Development
Cybersecurity Industry Spotlight Mobile Security Security Boulevard (Original) 

Cybersecurity Issues in Mobile App Development

February 18, 2019 Ritesh Patil | 2 days ago 0

Top Stories

Security Startup Boldly Claims ‘No False Positives’
Cybersecurity Data Security Featured News Security Boulevard (Original) Spotlight 

Security Startup Boldly Claims ‘No False Positives’

February 20, 2019 B. Cameron Gain | 1 hour ago 0
North Korean Lazarus Group Starts Targeting Russian Organizations
Endpoint Featured Malware News Security Boulevard (Original) Spotlight 

North Korean Lazarus Group Starts Targeting Russian Organizations

February 20, 2019 Lucian Constantin | 2 hours ago 0
WordPress Sites Hacked Through Vulnerable Payment Forms Plug-in
Data Security DevOps Featured Identity & Access News Security Boulevard (Original) Spotlight Vulnerabilities 

WordPress Sites Hacked Through Vulnerable Payment Forms Plug-in

February 15, 2019 Lucian Constantin | 4 days ago 0

Security Humor

via   the Comic Noggins of  Nitrozac   and  Snaggy   at  The Joy of Tech®

The Joy of Tech®: ‘News Of Apple News’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.