3 common misconceptions about PCI compliance
2020-06-10 05:30

Not only am I responsible for all of the ongoing compliance and yearly assessments, but I also have to interpret the PCI DSS scriptures on how PCI affects products, initiatives, and platform decisions.

I'm honestly surprised that so many vendors operating in areas that impact PCI compliance have virtually no clue about how their products affect or are affected by PCI. After all, there's no excuse to be clueless.

That's why many discussions about PCI end pretty quickly when you simply ask someone to point to the PCI DSS guidelines to support their argument.

Misconception #2: You've accurately scoped your CDE. The second misconception involves what PCI compliance fundamentally tries to protect.

Misconception #3: Not recognizing the differences between PA-DSS and PCI DSS. The third misconception is about the differences between the PA-DSS and the PCI DSS. This might seem contradictory, and it probably should be, but there are many cases where you can have a system that has a PA-DSS certification that will not meet PCI DSS compliance.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/8J1Qj1Hnkrs/