WAKEFIELD, Mass., November 16, 2012 —The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), today released the PCI DSS Risk Assessment Guidelines Information Supplement, a product of the PCI Risk Assessment Special Interest Group (SIG). Organizations planning and performing a risk assessment in accordance with PCI DSS 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data.
Objective
The objective of this document is to provide supplemental guidance and recommendations for
performing a risk assessment in accordance with PCI DSS Requirement 12.1.2.
A risk assessment, as required in the PCI DSS, is a formal process used by organizations to
identify threats and vulnerabilities that could negatively impact the security of cardholder data.
This document does not replace, supersede, or extend any PCI DSS requirements; rather it
provides guidance for organizations to identify, analyze, and document the risks that may affect
their cardholder data environment (CDE).
Intended Audience
This guidance is intended for any organization that stores, processes, or transmits cardholder
data (CHD). Examples include merchants, service providers, acquirers (merchant banks), and
issuers. The intended audience includes large, medium, or small organizations
No hay comentarios:
Publicar un comentario