The PCI DSS and the NIST and ISO Risk Assessment Protocols

White Papers for Federal Financial Institutions Examination Council (FFIEC)


PCI Security Vendor Alliance

The two most common formal risk assessment methodologies for information security come from the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST). Risk assessment software is available for both procedures from various vendors, including PCI SVA members ACR2 (NIST) and Modulo (ISO). The NIST framework includes all of the minimum standards required of US Federal agencies.

This is a longer list than the PCI "digital dozen" and includes some items that may not be applicable to all PCI organizations. However, the NIST framework provides an inexpensive way to obtain a "formal risk assessment" that is traceable to an objective outside standard. The ISO framework is even longer, which makes the NIST framework a little easier to use.

Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.