SIG to Provide Penetration Testing Clarification

SecurityMetrics and others to elaborate on Information Supplement: Requirement 11.3
 
 
Spread the Word
Listed Under

Tags:
Pci Dss
Penetration Testing
Pci Compliance
Pen Test

Industrys:
Computers
Security

Location:
Salt Lake City - Utah - US

Subject:
Projects

SALT LAKE CITY - Dec. 10, 2013 - PRLog -- To supplement outdated community guidance on penetration testing, SecurityMetrics, PSC, and @Sec proposed a Payment Card Industry (PCI) Special Interest Group (SIG) to enable further clarification of PCI DSS Information Supplement: Requirement 11.3 and minimize inconsistencies in testing methodology. On Dec 5, the PCI Council publically announced the penetration testing guidance SIG was officially selected.

Due to numerous interpretations of Requirement 11.3, current penetration testing challenges include scope, testing methodology, and reporting inconsistencies. These challenges make it difficult for assessment groups to know that tests sufficiently meet the PCI requirement’s intent.

“It’s tiring to defend what a pen test should be,” said Gary Glover, SecurityMetrics Director of Security Assessments. “We must update the guidelines with the knowledge we’ve gleaned over the past five years to ensure merchants, service providers, QSAs, and pen test groups are yetpf all on the same page when defining a successful penetration test.”

Through case studies, templates, and best practices, the SIG will clarify information supplement documentation and provide guidance on:

·       -Authenticated testing conditions

·       -Assessment reports

·       -Internal and external scoping

For more information about SecurityMetrics services such as penetration testing or PCI compliance, please contact SecurityMetrics at 801.705.5656 or audits@securitymetrics.com.

About SecurityMetrics (www.securitymetrics.com (http://www.securitymetrics.com))

SecurityMetrics protects electronic commerce and payments leaders, global acquirers, and their retail customers from security breaches and data theft. The company is a leading provider and innovator in merchant data security, and as an Approved Scanning Vendor and Qualified Security Assessor, has helped over 1 million organizations manage PCI DSS compliance and/or secure their network infrastructure, data communication, and other information assets. Founded in October 2000, SecurityMetrics is a privately held company headquartered in Orem, Utah, USA.
End
Source:
Email:***@securitymetrics.com Email Verified
Tags:Pci Dss, Penetration Testing, Pci Compliance, Pen Test
Industry:Computers, Security
Location:Salt Lake City - Utah - United States
Subject:Projects
Account Email Address Verified     Account Phone Number Verified     Disclaimer     Report Abuse
SecurityMetrics PRs
Trending News
Top Daily News
Top Weekly News



Like PRLog?
9K2K1K
Click to Share