6 min read
PCI DSS v4 is Coming – What Can You Rely On
PCI DSS v4.0 is coming and will bring big changes. The exact nature of the changes aren’t yet available as the standard is still evolving under the...
Blog
1 min read
A-Movember-Moment
Control Gap is proud to introduce our participants for Movember 2021: Ben, Connor, Corey, and David who help us raise funds for #menshealthmonth and...
10 min read
How a $1200 Graphics Card Threatens Your PCI DSS Compliance and Security
Organizations subject to PCI DSS compliance validation spend significant amounts of time, effort, and money to maintain and validate their...
1 min read
How Microsoft Support Expiry can Affect Your PCI Compliance
Microsoft support offerings are designed to provide guidance for system administrators and managers. However, details of the Microsoft “Support...
4 min read
LLMNR / NBT-NS: You’re Poison!
Attention Windows sysadmins: search for "LLMNR" and once you've finished panicking, then get that nonsense disabled. Over the past year and over 50...
4 min read
NIST Update to Format Preserving Encryption Standard affects PCI Use Cases
Last month NIST announced they were seeking feedback on a proposed updated guidance for FPE. More formally this is SP 800-38G rev 1 "Recommendation...
4 min read
The 3 Approaches to Penetration Testing for PCI DSS
Understanding PCI DSS requirements in depth can often be confusing and frustrating. The requirements covering penetration testing, PCI DSS 11.3, are...
10 min read
Understanding P2PE, NESA, E2EE, and PCI Compliance
Compliance simplification, what most people call “scope reduction”, can have huge benefits in terms of saving time, effort, headaches, and money....
3 min read
PCI Announces NESA - A Stepping Stone To P2PE
Earlier this month the PCI Security Standards Council published a new document as part of the Point-to-Point Encryption (P2PE) program. This initial...