
4/27/2018
11:35 AM
Dark Reading
Products and Releases

PCI Security Standards Council Publishes Guidelines on Cloud Computing

LAS VEGAS, Nev., 17 April 2018 — Meeting with acquirers and payment technology leaders this week at the TRANSACT conference, the PCI Security Standards Council (PCI SSC) announced new PCI SSC Cloud Computing Guidelines. Developed in collaboration with more than 100 global organizations representing banks, merchants, security assessors and technology vendors, the guidance identifies and addresses security challenges for different cloud architectures and models to help companies understand security considerations when implementing these solutions.

“Since we first released guidance for cloud environments in 2013, we’ve seen a tremendous growth in adoption of these services as well as the introduction of additional features such as fog computing, desktop-as-a-service and other uses for cloud,” said PCI SSC Chief Technology Officer Troy Leach. “With the increased use of third-party services comes a dependency to better understand business and technical issues that may impact payment data and associated processing. The new PCI SSC Cloud Computing Guidelines aims to help all parties involved to understand how best to mitigate potential risk and collaborate on the shared responsibility for protecting payment data.”

Developed by a PCI SSC Special Interest Group, the guidance is an update to guidelines published in 2013. The latest version includes expanded recommendations on incident response and forensic investigation as well as new guidance on vulnerability management. It provides scenarios of different cloud technologies and outlines how these various technologies can impact compliance. The information in this document is intended for merchants, service providers, assessors and other entities looking for guidance on how the use of cloud computing may affect PCI DSS implementations.

The PCI SSC Cloud Computing Guidelines is available for download on the PCI SSC website.

PCI SSC Special Interest Groups (SIGs) are community-driven initiatives that provide additional guidance and clarifications or improvements to the PCI Security Standards and supporting programs. PCI Participating Organizations selected cloud computing as a key area to address via the SIG process. More than 100 global organizations representing banks, merchants, security assessors and technology vendors collaborated on this guidance. As with all PCI SSC information supplements, the guidance provided in this document is supplemental and does not supersede or replace any PCI DSS requirements.

 
