Friday, February 28, 2020
  • Meeting Trusted Data Privacy Compliance
  • “Shark Tank” TV star loses almost $400,000 in Business Email Compromise scam
  • Is the Security Skills Shortage Overblown?  
  • Video: Steve Olsen on Bringing the BlackBerry QNX Experience to Users
  • Chronicle Road to Detection: Approach — Part 2 of 3

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

by David Bisson on August 5, 2018

Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, there are certain challenges along the way that can make organizations’ compliance with PCI DSS 3.2 superficial and short-lived.

To beat those challenges, organizations need to go beyond the checkbox and pursue PCI compliance as a continuous process. One of the ways they can do this is by mapping the six objectives and 12 requirements in version 3.2 of the Standard to the Center for Internet Security’s Critical Security Controls (“the CIS Controls”). In so doing, organizations can learn where they need to adjust their efforts to maximize the efficacy of their digital security programs.

Below is a breakdown of how certain CIS Controls, in particular, can help with achieving and maintaining PCI compliance.

PCI Objective #1: Build and Maintain a Secure Network

Under the first objective of PCI DSS 3.2, organizations must build and maintain a secure network by fulfilling two requirements:

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Five of CIS Controls can help organizations fulfill this objective and its two attending requirements. Companies can start with Control 5 to secure the configurations of their hardware and software. If they implemented Control 5 successfully, organizations will be equipped to fulfill Control 11 and achieve secure configurations for network devices. They can then use Control 7 to ensure email and web protections, including the use of only fully supported browsers and email clients. On top of those measures, organizations can perform regular automated port scans and manage all devices remotely logging (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/pci/how-the-cis-controls-can-help-you-achieve-pci-dss-3-2-compliance/

August 5, 2018August 6, 2018 David Bisson cis controls, Featured Articles, PCI, PCI DSS, Vulnerability Management
  • ← The Top Security Tools to Use Across the Cyber Kill Chain
  • Security as a Quality Gate for DevOps →

Digital Anarchist Live – RSAC San Francisco (Feb 25-27, 9am-5pm PST)

Watch full coverage at: DigitalAnarchist.Live

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Apple Goes Rogue, Drops Unilateral TLS Certificate Guillotine
Election Security a 2020 Myth?
RSA Conference 2020: The Human Element is Alive and Well
Cisco Looks to Unify Cybersecurity Management
Personal Data Collection: Outsourcing Surveillance
Cybersecurity Threats for 2020
S3 Bucket Ransomware Attack: What Is It and How Can It Happen?
Time to Tighten Up Cybersecurity to Fight Tax Fraud
Inserting security in pull requests — in a developer friendly way
Google Docs Forms Abused by Phishers to Harvest Microsoft Credentials

Upcoming Webinars

Mar 04

Shift Application Security Knowledge Left to Deliver Secure Code On Time

March 4 @ 11:00 am - 12:00 pm
Mar 09

Best Practices to Secure Containerized Apps with Next-Gen WAF

March 9 @ 1:00 pm - 2:00 pm
Mar 23

The State of Open Source Security

March 23 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Developers Are Taking Over AppSec

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Meeting Trusted Data Privacy Compliance
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Meeting Trusted Data Privacy Compliance

February 28, 2020 Doug Wick | 5 hours ago 0
How IT Ops Can Maintain Security and Agility in a Hybrid Cloud World
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

How IT Ops Can Maintain Security and Agility in a Hybrid Cloud World

February 27, 2020 Grant Ho | Yesterday 0
Making the Move to Multifactor Authentication
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

Making the Move to Multifactor Authentication

February 26, 2020 Patrick Kinsella | 2 days ago 0

Top Stories

Clearview, a Startup Probably Holding Your Image, Gets Hacked
Cloud Security Cybersecurity Data Security Featured Identity & Access Incident Response News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Clearview, a Startup Probably Holding Your Image, Gets Hacked

February 27, 2020 Richi Jennings | Yesterday 0
ZeroFOX Raises $74M to Combat Deepfakes With AI
Cybersecurity Featured Network Security News Security Boulevard (Original) Social Engineering Spotlight 

ZeroFOX Raises $74M to Combat Deepfakes With AI

February 27, 2020 Michael Vizard | Yesterday 0
Apple Goes Rogue, Drops Unilateral TLS Certificate Guillotine
Cybersecurity DevOps Featured Governance, Risk & Compliance Identity & Access Network Security News Security Boulevard (Original) Spotlight 

Apple Goes Rogue, Drops Unilateral TLS Certificate Guillotine

February 24, 2020 Richi Jennings | 3 days ago 0

Security Humor

via   the comic delivery system monikered  Randall Munroe  at  XKCD !

XKCD ‘Truck Proximity’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.