Tag Archives: compliance

PCI Council Launches Reseller Cert Program

Channel partners honing their compliance skills will soon be able to add one more to their portfolio with the launch of a new Payment Card Industry Security Standards Council certification program specifically targeting integrators and resellers.

via PCI Council Launches Reseller Cert Program | Channelnomics.

Level 3 PCI Compliance Increases Slightly, Even As Its Population Grows

The latest PCI compliance stats—out this week—show trivial changes from the prior report, with Level 2 and Level 3 retailers slightly increasing compliance. Level 2 went from 91 percent at the end of December 2011 to 92 percent as of March 31, 2012, and Level 3 also increased by 1 percent, from 58 percent to 59 percent. The largest chains, the Level 1s (processing more than 6 million Visa transactions annually), stayed exactly the same, at 98 percent.

via StorefrontBacktalk » Blog Archive » Level 3 PCI Compliance Increases Slightly, Even As Its Population Grows.

40% of U.S. government Web sites fail security test

Approximately 40% of federal government agencies are out of compliance with a regulation that requires them to deploy an extra layer of authentication on their Web sites to prevent hackers from hijacking Web traffic and redirecting it to bogus sites.

via 40% of U.S. government Web sites fail security test.

FISMA compliance eludes agencies — Federal Computer Week

Only seven out of 24 agencies are more than 90 percent compliant with the Federal Information Security Management requirements, and more than half saw their compliance score decline compared to last fiscal year’s numbers, according to an Office of Management and Budget review.

via FISMA compliance eludes agencies — Federal Computer Week.

Final phase of Mass. data protection law kicks in March 1

All companies storing personal data on Massachusetts residents have just over a month to ensure that their contractors, suppliers, technology providers and other third parties comply with a provision of a state data breach law that went into effect in March 2010.

via Final phase of Mass. data protection law kicks in March 1.

uPromise and FTC

The FTC alleged that after the personalized offers feature was enabled, extensive information was collected from the user and transmitted to Upromise, including the names of all websites visited, all links clicked by the user and information that users entered into certain web pages, such as usernames, passwords, search terms, credit card information, expiration dates, security codes and social security numbers. The FTC alleged that there was no way a user would be able to detect the extent of the data being collected by the Upromise software without special software and technical expertise.

via Privacy & Security Matters | Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney.

2012 Security Spending To Hold Strong

For 2012, 37% of information security professionals say their business plans to increase its security spending, while only 16% expect their security spending to decrease. The top drivers for spending increases are to address compliance, mobile devices, and data loss prevention.

via 2012 Security Spending To Hold Strong – Security – Security administration/management – Informationweek.

The (EMV/Contactless) World According To Visa « PCI Guru

The PCI SSC stated that while Visa is not requiring merchants to file a ROC or AOC, the merchant still has to ensure that it is PCI DSS compliant. This means that the merchant still must go through the PCI compliance assessment process of a ROC or respective SAQ to ensure that their controls are functioning properly.

via The (EMV/Contactless) World According To Visa « PCI Guru.

Agency to deliver shared governance, risk compliance service

CenITex, the Victorian Government’s shared services IT agency, will adopt a new IT governance, risk and compliance (ITGRC) package to improve its information security function.

via Agency to deliver shared governance, risk compliance service.

VMware’s CP&C releases free Compliance Checker tool

The Compliance Checker runs an assessment on ESX/ESXi hosts managed by vCenter.

The assessment is based on a predefined subset of 29 of the vSphere 4.1 Security Hardening Guide rules and is run against the first 5 ESX/ESXi hosts found on the target vCenter.

via VMware: VMware Security & Compliance: VMware’s CP&C releases another free Compliance Checker!.