The Art of Reading a PCI Attestation of Compliance (AoC)
PCI Attestations of Compliance (AoCs) provide organizations with a tool that helps with the all-important aspects of third-party due diligence. Yet...
1 min read
David Gamey
:
Mar 14, 2017 10:07:00 PM
In recent news, WikiLeaks exposed a huge trove of CIA documents. Journalists and bloggers will of course have a field day with this and the general public will be spectators to another ongoing drama. From our perspective, thankfully, it sounds like WikiLeaks intends to work with vendors to fix vulnerabilities which will hopefully spare everyone from a shooting gallery of zero-day exploitation.
We, like many of you, were curious. We wondered what useful things might be gleaned from this. In particular, how might PCI DSS, PA-DSS, PIN, and P2PE guidance hold up against the CIA’s guidance? What we found interesting was that after casting off the spy craft stuff like misdirection, misattribution, and uber-stealthy techniques, what was left could easily be taken from a PCI compliance and best practices document:
PCI Attestations of Compliance (AoCs) provide organizations with a tool that helps with the all-important aspects of third-party due diligence. Yet...
This week saw the publication of 493 new CVE IDs. Of those, 58 have not yet been assigned official CVSS scores, however, of the ones that were,...
This week saw the publication of 442 new CVE IDs. Of those, 258 have not yet been assigned official CVSS scores, however, of the ones that were,...