April 2018 – Updated PCI Cloud Computing Guideline

14. June 2018

On April 17, 2018, the Payment Card Industry Security Standards Council (PCI SSC) published its updated Cloud Computing Guideline.
With the increasing use of cloud service providers, there is a need to better understand business processes and technical problems that may impact payment data and associated processing. The new Cloud Computing Guideline is designed to contribute to a better understanding of the risks and their minimisation for safeguarding credit card data in the cloud.
With version 3.0, recommendations on incident response and forensic investigations have been enhanced and new vulnerability management guidelines added. In addition, the updated guideline offers additional technical security considerations on topics such as logging, identity and access management, and intrusion detection systems (IDS)/intrusion prevention systems (IPS) for use within the cloud. The chapters on “Roles and Responsibilities” and “Scoping Cloud Environments” have also been updated.
Furthermore, the challenges for achieving PCI DSS compliance while using the cloud are addressed. These challenges include the problems brought about by the fact that cloud customers have no insight into the underlying infrastructure of their provider and the security controls associated with it, and the difficulty of meeting the corresponding PCI DSS logging requirements.
(Source: https://www.pcisecuritystandards.org/pdfs/Cloud_SIG_Release.pdf)

About the PCI Expert Tipps:
With our PCI Expert Tips we would like to keep you informed about changes to the PCI Security Standards and provide you with first explanations as to what the changes entail and how they may affect you. Please take our articles always as a general reference – they do not replace individual case-by-case evaluations.
Should you have any further questions or require assistance with your scope definition, don’t hesitate to contact us.
Our specialists are happy to help!
Phone: +49 6102 8631-190
E-mail: sales@usd.de

Also interesting:

3 Reasons for a Cloud Security Audit

3 Reasons for a Cloud Security Audit

Outsourcing applications and data to the cloud brings significant benefits for companies, but at the same time also new challenges for the corresponding IT departments. The technologies and processes of a cloud environment differ from those of local data centers....

usd HeroLab Top 5 Vulnerabilities 2020: SMB 1.0 & SMB Signing

usd HeroLab Top 5 Vulnerabilities 2020: SMB 1.0 & SMB Signing

During penetration tests our security analysts repeatedly uncover gateways in IT systems and applications that pose significant risks to corporate security. They increasingly identify the same vulnerabilities in different IT assets, some of which have been known for...

Categories

Categories