
Blog

6 min read

PCI DSS v4 is Coming – What Can You Rely On

PCI DSS v4.0 is coming and will bring big changes. The exact nature of the changes isn't yet available, as the standard is still evolving under the PCI Council's Request For Comment (RFC) process. In the next few months, many articles will get published...


1 min read

A Movember Moment

Control Gap is proud to introduce our participants for Movember 2021: Ben, Connor, Corey, and David, who are helping us raise funds for #menshealthmonth and #movember. In the best spirit of fun and competition, our team will compete for the best MO (and bragging...


10 min read

How a $1200 Graphics Card Threatens Your PCI DSS Compliance and Security

Organizations subject to PCI DSS compliance validation spend significant amounts of time, effort, and money to maintain and validate their compliance. So, the idea that a common graphics card can threaten compliance or lead to a compromise may at first...


1 min read

How Microsoft Support Expiry can Affect Your PCI Compliance

Microsoft support offerings are designed to provide guidance for system administrators and managers. However, the details of the Microsoft "Support Lifecycle" [2] can be misunderstood, leading to compliance confusion and unnecessary work.


4 min read

LLMNR / NBT-NS: You’re Poison!

Attention Windows sysadmins: search for "LLMNR" and, once you've finished panicking, get that nonsense disabled.

Over the past year and over 50 internal network penetration tests, one issue in particular keeps popping up and is regularly...


4 min read

NIST Update to Format Preserving Encryption Standard affects PCI Use Cases

Last month NIST announced that it is seeking feedback on a proposed update to its guidance for FPE. More formally, this is SP 800-38G rev 1, "Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption". The draft is open for...


4 min read

The 3 Approaches to Penetration Testing for PCI DSS

Understanding PCI DSS requirements in depth can often be confusing and frustrating. The requirements covering penetration testing, PCI DSS 11.3, are a case in point. This article will help those of you who are seeking compliance to understand what is expected...


10 min read

Understanding P2PE, NESA, E2EE, and PCI Compliance

Compliance simplification, what most people call "scope reduction", can have huge benefits in terms of saving time, effort, headaches, and money. Merchants want ways to simplify their PCI compliance, as do the card brands, acquirers, and processors....


3 min read

PCI Announces NESA - A Stepping Stone To P2PE

Earlier this month the PCI Security Standards Council published a new document as part of the Point-to-Point Encryption (P2PE) program. This initial guidance, "Assessment Guidance for Non-Listed Encryption Solutions", introduces a new path into the P2PE...
