PCI Council gives helping hand to merchants
Prioritized Approach framework to help attain PCI DSS compliance
Ian Williams, vnunet.com 04 Mar 2009
The Payment Card Industry Security Standards Council (PCI SSC) has released a new resource designed to help merchants struggling to attain compliance with the PCI Data Security Standard.
The global payment industry body launched the Prioritized Approach framework to help merchants that are not yet fully compliant. It will identify highest risk targets, create a common language around PCI DSS implementation efforts, and demonstrate progress on the compliance process to key stakeholders.
The framework is made up of six ‘security milestones’ aimed at laying out a series of best practices for protecting against the highest risk factors and escalating threats facing cardholder data security. The milestones are as follows:
1. If you don’t need it, don’t store it
2. Secure the perimeter
3. Secure applications
4. Monitor and control access to your systems
5. Protect stored cardholder data
6. Finalise remaining compliance efforts, and ensure all controls are in place
“Securing cardholder data is the ultimate priority, and following the PCI DSS is the best way to achieve this,” said Bob Russo, general manager of the PCI Security Standards Council.
“The Prioritized Approach framework will help stakeholders understand where they can act to reduce risk earlier in their journey towards PCI DSS compliance.
“The launch of these new guidance and interactive documents are another step by the Council to increase understanding of and education around PCI DSS among merchants, providing them with insight into how they can protect card holder data faster and demonstrate progress and compliance with the PCI DSS.”
According to the PCI SSC, the framework was based on actual data compromises, as well as feedback from assessors and forensic investigators, and input from the PCI SSC Board of Advisors.
The Prioritized Approach framework is available on the Council’s web site. It includes a reference document and downloadable worksheet that allows merchants to sort specific PCI DSS requirements by the individual milestones.