Resources for Federal Financial Institutions Examination Council (FFIEC)

Compliance year in review: PCI DSS progress, yet confusion abounds

searchsecurity.techtarget.com.au

After a year when compliance was top of mind for companies everywhere, amazingly enough, compliance is poised to remain a huge discussion topic within large enterprises for the foreseeable future. Many still struggle to assess the true impact to their environment of ongoing regulatory scrutiny. Before we ring in the New Year, let's take a look back at some of the big compliance issues we saw in 2007 and how the landscape may change moving forward.

You can't mention 2007 and compliance without uttering the "P" word. Of course, I'm referring to the Payment Card Industry (PCI) Data Security Standard (DSS). This year, PCI really came into its own with the acceptance of DSS version 1.1 and the compliance deadlines for Level 1 and Level 2 merchants.

The increased awareness and understanding that PCI is important has had a dramatic and positive impact on security efforts. In stark contrast to the nebulous and mostly ineffective HIPAA and GLBA standards, the 12 requirements of PCI DSS are reasonably specific about what is acceptable from a security controls standpoint.

View the Resource

Share or bookmarklet this web page at: