Network Segmentation for PCI DSS
Designing and evidencing network segmentation that isolates the CDE — VLAN architecture, firewall rule sets, segmentation testing, and the verification QSAs perform during assessment.
Encryption and Key Management
Implementing PCI DSS-compliant encryption — algorithm selection, key length, the complete key management lifecycle, HSM options, and the documentation required by Requirement 3.
Multi-Factor Authentication: PCI DSS v4.0 Requirements
The expanded MFA requirements in v4.0 — where MFA is now mandatory, what constitutes a compliant implementation, phishing-resistant authentication, and common MFA gaps that generate QSA findings.
Web Application Security and WAF
Requirement 6 web application security — the secure development lifecycle, OWASP Top 10 in the PCI DSS context, WAF deployment and rule management, and payment page script security under v4.0.
Logging and Monitoring for PCI DSS
Building the audit logging and monitoring capability for Requirement 10 — what must be logged, log integrity protection, SIEM configuration, 12-month retention, and the daily log review requirement.
Vulnerability Scanning and Penetration Testing
The complete vulnerability management and testing program — internal scanning cadence, ASV selection, external scan management, penetration testing methodology, scope, and the remediation and retest cycle.
Point of Interaction (POI) Device Security
Physical and logical security for payment terminals — card skimming prevention, device inventory and inspection procedures, tamper detection, and the POI device management program required by Requirement 9.