PCI DSS Version 4.0: Managing Your Scope for “Significant Change”

After a few delays, PCI DSS version 4.0 was finally announced publicly on March 31, 2022. While entities may still use PCI DSS v3.2.1 until its retirement date on March 31, 2024, there are some notable changes that should be given consideration in advance. Since the initial evolution of PCI …

CDE Scoping and Future Data Compliance Requirements: Why Data Discovery Is Crucial to PCI DSS

Last month I shared a post about prioritizing data security in the uncertain future that is 2022, whether that uncertainty pertains to existing or net new privacy laws, expansions of security controls, or other regulatory factors. One thing is for certain: this year brings with it a lot of potential …

Adjusting Data Security with the New Remote Workforce

The ongoing COVID-19 pandemic has changed nearly every aspect of our lives—some more in the short term and others, permanently. This includes the workforce, which now functions in any combination of in-person, hybrid, and remote. While some companies already had a system in place to support employees both remotely and in …

PCI DSS Version 4.0: Responding to Sensitive Data Discovery Incidents

At the end of March, the PCI Standards Security Council (PCI SSC) publicly released the most recent update to the PCI Data Security Standards (DSS), version 4.0. While much speculation has occurred as to the contents of the new standards—and much of that speculation turned out to be correct—now it’s …