Formal Guidance for PCI Requirement 6.6- COMING SOON!

How can you not love Las Vegas? I’m at the Electronic Transactions Association’s 2008 Annual Meeting and Expo, and have enjoyed the communications and feedback in the meetings I attended. It seems all the major players in the payment industry are here! I was sent to represent WhiteHat at the PCI Security Standards Council’s meetings for the Payment Application – DSS and Quality Assurance discussions.

There were a couple of documents disseminated in hard copy, intended for review and discussion amongst the QSA, ASV, and Participating Organization communities. You can see some of the leaked language here. I am told these documents will be made public on Friday; I will post a link as soon as I see it.

My encouragement to readers prior to the release of that document is to focus on the very obvious intent of Requirement 6.6, “Ensure that all web-facing applications are protected against known attacks.”

While there has been a great deal of discussion and conjecture about perceived responsiveness, the PCI Council has been very active in gaining consensus for specific guidance language. The PCI SSC has remained true to their mission, “to enhance payment account security by driving education and awareness of the PCI Data Security Standard and other standards that increase payment data security.”

The council is finalizing a guidance document for two requirements in the PCI Data Security Standard version 1.1:

  • Requirement 6.6, concerning the protection of web-facing applications, and
  • Requirement 11.3, the penetration testing requirement.

After these guidance letters are posted on the PCI SSC’s website, we will discuss their contents in the open.

One Response to “Formal Guidance for PCI Requirement 6.6- COMING SOON!”

  1. PCI Blog - Compliance Demystified » Blog Archive » Requirement 6.6 clarification Says:

    […] the word “code” (or any other minor nuance for that matter.)  Thank goodness they have Trey working to control the […]
