PCI SECURITY STANDARDS COUNCIL LAUNCHES NEW RESOURCE TO GUIDE MERCHANTS TO PCI DATA SECURITY STANDARD COMPLIANCE
Prioritized Approach framework helps merchants focus PCI Data Security Standard implementations through six security milestones
WAKEFIELD, Mass., Mar. 3, 2009 - The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), today released a new resource to promote card data security through adoption of the PCI DSS. The Prioritized Approach framework helps merchants identify highest risk targets, create a common language around PCI DSS implementation efforts and demonstrate progress on the compliance process to key stakeholders.
The Prioritized Approach framework was created to help merchants who are not yet fully compliant with the PCI DSS understand and reduce risk while on the road to compliance.
Comprised of six security milestones outlined below, the tool focuses on best practices for protecting against the highest risk factors and escalating threats facing cardholder data security:
- Milestone One: If you don't need it, don't store it
- Milestone Two: Secure the perimeter
- Milestone Three: Secure applications
- Milestone Four: Monitor and control access to your systems
- Milestone Five: Protect stored cardholder data
- Milestone Six: Finalize remaining compliance efforts, and ensure all controls are in place
"Securing cardholder data is the ultimate priority and following the PCI DSS is the best way to achieve this. The Prioritized Approach framework will help stakeholders understand where they can act to reduce risk earlier in their journey towards PCI DSS compliance," said Bob Russo, general manager, PCI Security Standards Council. "The launch of these new guidance and interactive documents is another step by the Council to increase understanding of and education around PCI DSS among merchants, providing them with insight into how they can protect card holder data faster and demonstrate progress and compliance with the PCI DSS."
The Prioritized Approach was compiled after considering actual data compromise events, feedback from Qualified Security Assessors (QSAs) and forensic investigators and input from the PCI SSC Board of Advisors. The framework gives practical suggestions on how to approach compliance with PCI DSS to create the most immediate impact on card data security in a merchant's environment. The Prioritized Approach also creates a common language to improve communication around compliance progress between merchants, QSAs, acquiring banks and card brands.
The Prioritized Approach framework is available on the Council's website and includes a reference document and a simple-to-use, downloadable worksheet that allows merchants to sort specific PCI DSS requirements by Prioritized Approach milestones. In addition, educational webinars to provide insight and information on how to utilize the Prioritized Approach framework will be held on Wednesday, March 18th at 11:30am and 7:30pm ET. Register at http://register.webcastgroup.com/event/?wid=0800318094557 (11:30 am ET Webinar) or http://register.webcastgroup.com/event/?wid=0800318094558 (7:30 pm ET Webinar).
For More Information:
Details about the Prioritized Approach can be found at https://www.pcisecuritystandards.org/education/prioritized.shtml. For more information about the PCI Security Standards Council or to become a Participating Organization, please visit pcisecuritystandards.org, or contact the PCI Security Standards Council at [email protected].
About the PCI Security Standards Council
The mission of the PCI Security Standards Council is to enhance payment account security by fostering broad adoption of the PCI Data Security Standard and other standards that increase payment data security.
The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Applications Data Security Standard (PA-DSS). Merchants, banks, processors and point of sale vendors are encouraged to join as Participating Organizations.