A few days ago, the AG KRITIS published the latest draft bill on the NIS-2 Implementation Law (NIS2UmsuCG) on its website. Which requirements could...
Security Audits
SWIFT CSCFv2025: Current Version of the Framework Brings Changes for Architecture Type B
Since its introduction in 2017, the Customer Security Controls Framework (CSCF) has aimed to strengthen the security of the SWIFT network. The aim...
New Requirements of ISO/IEC 27006-1:2024: What Changes Do They Bring for Your Audit?
ISO/IEC 27006-1:2024 contains the formal requirements for certification bodies that must be implemented when auditing an information security...
EPI External Security Evaluator: usd Receives Accreditation from the European Payments Initiative
usd AG has been accredited as a Security Evaluator by the European Payments Initiative (EPI). We are now authorized to carry out security...
Implementation of the NIS-2 Directive Has Been Postponed. What Is the Impact on the KRITIS Compliance Audit?
What's next for NIS-2? Due to the early elections in Germany, the parliamentary procedure for the NIS-2 implementation law NIS2UmsuCG could not be...
PCI Council Released Update of SAQ A: New Eligibility Criteria Replaces Future-dated Requirements
Last updated: 28 February, 2025. A few days ago, the PCI Security Standards Council (PCI SSC) announced important changes to SAQ A. Who is affected...
PCI DSS worldwide: usd AG one of 17 QSA companies with global accreditation
usd AG has once again received all the necessary licenses from the PCI Security Standards Council (PCI SSC) as a PCI DSS Qualified Security Assessor...
SWIFT CSCFv2025 - The Three Most Important Questions About the Update
Users of the SWIFT network are required to demonstrate compliance with the mandatory security controls through an annual independent audit in...
KRITIS: These Sectors Are Required to Provide Proof of Compliance in 2025
According to Section 8a (1) BSIG, operators of critical infrastructures (KRITIS) in Germany are obliged to take appropriate organizational and...
Information Security in Third-Party Risk Management: How to Monitor Your TPRM Program
Companies often work with a large number of service providers in order to be able to concentrate on their core business or save costs. For this to...
NIS-2: The Most Important Takeaways from the German Implementation Act
The law implementing the NIS-2 Directive aims to transpose the requirements of the European NIS-2 Directive into the German legal system. On May 7,...
What Does “Periodically” Actually Mean? PCI DSS v4.0 Specifies Timeframes
“Promptly”, “quarterly”, “periodically”: Many PCI DSS requirements demand that measures be implemented within a specified timeframe. While version...