Information Supplement: PCI DSS Risk Assessment Guidelines - November 2012

WAKEFIELD, Mass., November 16, 2012 — The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), today released the PCI DSS Risk Assessment Guidelines Information Supplement, a product of the PCI Risk Assessment Special Interest Group (SIG). Organizations planning and performing a risk assessment in accordance with PCI DSS Requirement 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data.

The objective of this document is to provide supplemental guidance and recommendations for performing a risk assessment in accordance with PCI DSS Requirement 12.1.2. A risk assessment, as required in the PCI DSS, is a formal process used by organizations to identify threats and vulnerabilities that could negatively impact the security of cardholder data.
This document does not replace, supersede, or extend any PCI DSS requirements; rather, it provides guidance for organizations to identify, analyze, and document the risks that may affect their cardholder data environment (CDE).
Intended Audience
This guidance is intended for any organization that stores, processes, or transmits cardholder data (CHD). Examples include merchants, service providers, acquirers (merchant banks), and issuers. The intended audience includes large, medium, or small organizations