Payment Card Industry PCI Standard Released
I had a chance to read through it and my first impression is that it is well thought out and pretty darn comprehensive. It contains some things that to me are no brainers (implement strong passwords, establishing processes for testing policies, etc.) and some other things that to me combine facets of audit/compliance, identity management, NAC, and IPS/IDS. In short, validating a multi layer security approach. It also gets into why identity isn't just for users anymore, that device identity is just as important.
The other thing that hit me is how much of the standard can be met with Trusted Network Technologies solution that combines audit, policy management, and enforcement with a single piece of technology. I will spend the next few blogs talking about the 12 requirements and presenting a solution for companies grappling with this, and why using a single piece of technology to satisfy 10 of the 12 requirements specifically is a distinct advantage.
Stay tuned for in essence will be an RFI response laying out where I can help.
identitystuff @ gmail.com