How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

by David Bisson on August 5, 2018

Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, there are certain challenges along the way that can make organizations’ compliance with PCI DSS 3.2 superficial and short-lived.


To beat those challenges, organizations need to go beyond the checkbox and pursue PCI compliance as a continuous process. One of the ways they can do this is by mapping the six objectives and 12 requirements in version 3.2 of the Standard to the Center for Internet Security’s Critical Security Controls (“the CIS Controls”). In so doing, organizations can learn where they need to adjust their efforts to maximize the efficacy of their digital security programs.

Below is a breakdown of how certain CIS Controls, in particular, can help with achieving and maintaining PCI compliance.

PCI Objective #1: Build and Maintain a Secure Network

Under the first objective of PCI DSS 3.2, organizations must build and maintain a secure network by fulfilling two requirements:

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Five of the CIS Controls can help organizations fulfill this objective and its two attending requirements. Companies can start with Control 5 to secure the configurations of their hardware and software. If they implement Control 5 successfully, organizations will be equipped to fulfill Control 11 and achieve secure configurations for network devices. They can then use Control 7 to ensure email and web protections, including the use of only fully supported browsers and email clients. On top of those measures, organizations can perform regular automated port scans and manage all devices remotely logging (Read more...)
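The paragraph above treats PCI compliance as a continuous process: secure configurations (Control 5 and Control 11) and firewall hygiene (Requirements 1 and 2) are checked repeatedly rather than once. The script below is an added illustration, not code from the original post or from CIS or the PCI Security Standards Council. It audits a constructed fleet of device configuration snapshots against a baseline, flags vendor-default credentials and firewall gaps, and tags each finding with the PCI requirement and CIS Control it falls under. The default-credential list, the device records, and the rule that network devices map to Control 11 while other systems map to Control 5 are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed, illustrative list of vendor-default credentials; a real
# baseline would be populated from the vendor documentation for each product.
DEFAULT_CREDENTIALS: Set[Tuple[str, str]] = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "root"),
}

# Default SNMP community strings that should never survive deployment.
DEFAULT_SNMP_COMMUNITIES = {"public", "private"}


@dataclass(frozen=True)
class DeviceConfig:
    """Snapshot of one device's configuration, as a config-management tool might export it."""
    name: str
    kind: str                          # "firewall", "switch", "router" or "server"
    credentials: Set[Tuple[str, str]]  # (username, password) pairs still enabled
    open_ports: Set[int]               # ports seen listening by an automated scan
    allowed_ports: Set[int]            # ports the baseline permits for this device
    default_policy: Optional[str] = None   # firewalls only: "deny" or "allow"
    snmp_community: Optional[str] = None


@dataclass(frozen=True)
class Finding:
    device: str
    pci_requirement: int   # PCI DSS 3.2 requirement number (1 or 2 here)
    cis_control: int       # CIS Control the remediation falls under (5 or 11 here)
    detail: str


def config_control(kind: str) -> int:
    """Hypothetical mapping: network devices fall under CIS Control 11, everything else under Control 5."""
    return 11 if kind in ("firewall", "switch", "router") else 5


def audit(device: DeviceConfig) -> List[Finding]:
    """Check one device against the baseline and map each gap to a PCI requirement and CIS Control."""
    findings: List[Finding] = []
    control = config_control(device.kind)

    # PCI Requirement 2: vendor-supplied defaults must be gone.
    for user, _ in sorted(device.credentials & DEFAULT_CREDENTIALS):
        findings.append(Finding(device.name, 2, control,
                                f"vendor-default credential still enabled for user '{user}'"))
    if device.snmp_community in DEFAULT_SNMP_COMMUNITIES:
        findings.append(Finding(device.name, 2, control,
                                f"default SNMP community string '{device.snmp_community}' in use"))

    # PCI Requirement 1: the firewall configuration must protect cardholder data.
    if device.kind == "firewall" and device.default_policy != "deny":
        findings.append(Finding(device.name, 1, control,
                                f"default policy is '{device.default_policy}', expected 'deny'"))
    unexpected = device.open_ports - device.allowed_ports
    if unexpected:
        ports = ", ".join(str(p) for p in sorted(unexpected))
        findings.append(Finding(device.name, 1, control,
                                f"ports listening outside the baseline: {ports}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[Tuple[int, int], int]:
    """Count findings per (PCI requirement, CIS Control) pair to show where effort is needed."""
    counts: Dict[Tuple[int, int], int] = {}
    for f in findings:
        key = (f.pci_requirement, f.cis_control)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample fleet; none of these names or values come from the original post.
SAMPLE_FLEET = [
    DeviceConfig("edge-fw-1", "firewall", {("netops", "x")}, {443}, {443}, default_policy="deny"),
    DeviceConfig("branch-fw-2", "firewall", {("admin", "admin")}, {22, 443, 8080}, {22, 443},
                 default_policy="allow", snmp_community="public"),
    DeviceConfig("pos-db-1", "server", {("root", "root"), ("dba", "y")}, {1433, 3389}, {1433}),
]


def audit_fleet(fleet=SAMPLE_FLEET) -> List[Finding]:
    """Run the audit over every device and flatten the results."""
    return [f for device in fleet for f in audit(device)]


if __name__ == "__main__":
    for f in audit_fleet():
        print(f"{f.device}: PCI Req {f.pci_requirement} / CIS Control {f.cis_control}: {f.detail}")
    print(summarize(audit_fleet()))
```

Run on the sample fleet, the compliant edge firewall produces no findings, the branch firewall produces four (default credential, default SNMP community, allow-by-default policy, an unexpected port), and the server produces two; the summary groups them by requirement and control so a team can see where, in the post's words, it needs to adjust its efforts. Scheduling this kind of check after every configuration export is what turns the checkbox into a process.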

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/pci/how-the-cis-controls-can-help-you-achieve-pci-dss-3-2-compliance/

August 5, 2018 / August 6, 2018 · David Bisson · Tags: cis controls, Featured Articles, PCI, PCI DSS, Vulnerability Management