Before we begin, there’s one thing to make very, very clear: You cannot outsource ALL compliance! I do not care what some vendor says. No single service makes you compliant. Only you can make you compliant. While vendors can take you most, if not all, of the way to compliance, you must still confirm their compliance […]
PCI DSS 3.2 Multi-Factor Authentication Clash
Multi-factor authentication (MFA) is a tried and true technology that rarely incites debate. How then did MFA become a hotly debated topic at the PCI Standards Council North American Community Meeting? The answer is a classic clash of theory and reality.
PCI Compliance for the AWS Cloud
Anitian’s Workbook for PCI Compliance in the AWS Cloud takes the guesswork out of making your AWS infrastructure PCI DSS compliant.
PCI 3.0 Secure Authentication Requirement
The new PCI 3.0 introduces a subtle, but important new requirement for addressing security authentication and session management for web applications.
The Failure of the PCI-DSS?
The Target breach has ignited a firestorm of debate over the efficacy of the PCI-DSS. The problem with the PCI-DSS is not the standard, but a deeply flawed and corrupted assessment process.
Analysis of the New Requirements for PCI 3.0
Anitian analyzes the new requirements in PCI DSS 3.0.
PCI: I Find Your Lack of Scope Disturbing
I find your lack of a scope of compliance disturbing.