Blog

PCI DSS v4.0 is coming and will bring big changes. The exact nature of the changes aren’t yet available as the standard is still evolving under the PCI Councils Request For Comment (RFC) process. In the next few months, many articles will get published...

Control Gap is proud to introduce our participants for Movember 2021: Ben, Connor, Corey, and David who help us raise funds for #menshealthmonth and #movember. In the best spirit of fun and competition our team will compete for the best MO (and bragging...

Organizations subject to PCI DSS compliance validation spend significant amounts of time, effort, and money to maintain and validate their compliance. So, the idea that a common graphics card can threaten compliance or lead to a compromise may at first...

Microsoft support offerings are designed to provide guidance for system administrators and managers. However, details of the Microsoft “Support Lifecycle” [2] can be misunderstood, leading to compliance confusion and unnecessary work.

Attention Windows sysadmins: search for "LLMNR" and once you've finished panicking, then get that nonsense disabled.

Over the past year and over 50 internal network penetration tests, one issue in particular keeps popping up and is regularly...

Last month NIST announced they were seeking feedback on a proposed updated guidance for FPE. More formally this is SP 800-38G rev 1 "Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption". The draft is open for...

Understanding PCI DSS requirements in depth can often be confusing and frustrating. The requirements covering penetration testing, PCI DSS 11.3, are a case in point. This article will help those of you who are seeking compliance to know what is expected...

Compliance simplification, what most people call “scope reduction”, can have huge benefits in terms of saving time, effort, headaches, and money. Merchants desire ways to simplify their PCI compliance as do the card brands, acquirers, and processors....

Earlier this month the PCI Security Standards Council published a new document as part of the Point-to-Point Encryption (P2PE) program. This initial guidance Assessment Guidance for Non-Listed Encryption Solutions introduces a new path into the P2PE...