Thursday, January 29, 2015

Barrier to entry for PCI gap analysis

If a company processes credit cards and other payment cards, it needs to show compliance with the PCI DSS standards.

A PCI gap analysis finds the areas where a company does not meet the ~228 PCI DSS security controls/requirements and points out which of those controls require remediation. PCI gap analysis is a lucrative business, but the fees charged by the PCI organization and its requirements keep the barriers to entry in this market quite high. Companies can complete a self-assessment questionnaire (SAQ), but they still need sign-off from QSA-certified auditors. Different types of vendors/companies require compliance with different sections and security controls listed in the PCI DSS standards.
