Regional insights and training opportunities at the Middle East & Africa Forum
Asia-Pacific Community Meeting to be held in May this year
ISA classes scheduled worldwide
As always, if you have questions, concerns, or suggestions on how to improve this weekly communication for POs, please email us at: pcimonitor@pcissc.org.
PCI NEWS & PROGRAM UPDATES
New Guidance on Multi-Factor Authentication Attackers continue to compromise valid credentials to access company networks and steal data. To help organizations combat this growing threat, the PCI SSC will issue guidance on multi-factor authentication (MFA). MFA provides a higher degree of assurance of the identity of individuals attempting to access computers and systems that are part of the cardholder data environment.
The PCI Data Security Standard (PCI DSS) currently requires MFA for remote access (originating from outside a company’s network) where that remote access could lead to access to the cardholder data environment. Effective 1 February 2018, MFA will also be required for administrative personnel with non-console access (administered or managed over a network) into the cardholder data environment.
The MFA guidance will provide industry-accepted principles and best practices for MFA, including considerations for common implementation scenarios. Note that use of this guidance is not required to meet PCI DSS Requirement 8.3 and its sub-requirements; but we encourage organizations to use this guidance when evaluating all new or current MFA implementations. The guidance will be available in the document library on the PCI SSC website later this week.
Provide Your Feedback on P2PE The PCI Council is evaluating a potential update to the PCI Point-to-Point Encryption (P2PE) Standard in 2018, or sooner if necessary.
As a Participating Organization, your company has the opportunity to provide comments on changes you’d like to see made to the PCI P2PE standard and supporting program in the next revision.
Based on market response to PCI P2PE version 2.0, the PCI Council is exploring minor modifications to make the standard more flexible and easier to use, such as adding more flexibility for component providers (e.g., Domains 1 and 6), and fine-tuning the listing process.
Please visit the PO Portal for more information and to provide specific feedback on PCI Point-to-Point Encryption (P2PE) Standard version 2.0 and the supporting PCI P2PE Program. The comment period closes on 4 April.
Run for the PCI SSC Board of Advisors A global view requires local understanding. Effective standards and resources are developed with practical, on-the-ground insights from industry leaders.
Demonstrate your expertise and leadership and impact payment security globally – run for the 2017-2019 PCI SSC Board of Advisors. As a Participating Organization (PO) in good standing, you may submit nominations via the PO portal through Monday 27 February 2017.
The Board of Advisors are strategic partners to the SSC bringing geographical, technical and specific vertical market insight to Council plans and projects. The Board reflects the global payment ecosystem and elected seats are available in the following five categories: merchant (6), financial institution (3), processor (3), vendor (3) and association/nonprofit (3).
Make sure your region is represented. Make sure your industry is represented. Submit your nomination today.
Together We Can Thwart Data Breaches Securing payment card data is a global challenge that requires a united approach. Please come to Cape Town to attend the PCI Middle East & Africa Forumon 29 March. This free event features a robust agenda with engaging speakers and the opportunity to network with regional industry leaders. Register now.
In conjunction with the Forum, three training courses are available, allowing attendees to make the most of their travel time and budgets:
NEW for 2017! PCI Professional (PCIP) in-person class: 24 March ( SAVE $200 : use code CT17PCIP)
PCI Asia-Pacific Community Meeting Will be Held in May This Year We’re building a great agenda. Join your colleagues, the best and brightest payment security minds in the industry, to discuss the latest on PCI in the Asia-Pacific region. Click here to register for the 2017 meeting. Remember, as PO you get two complimentary passes!
Looking for more exposure for your company? Learn more about participating in the vendor showcase. Also, be sure to check out the variety of sponsorship opportunities available. You could sponsor a reception, the welcome kit, or choose one of the other options to maximize your brand visibility at the meeting this year.
Worldwide Locations for ISA Training Wherever you are in the world – we have an ISA training class for you…
Over the next three months we have Internal Security Assessor (ISA) classesscheduled in Africa, Asia-Pacific, Europe, and North America. In this interactive two-day session, you’ll get practical hands-on experience on the requirements for PCI compliance as well as assessment and remediation techniques. Read the course description – and enroll in the class that’s most convenient for you.
Cape Town: 27-28 March (the two days just preceding the PCI Middle East and Africa Forum which is on 29 March)
Austin, TX: 27-28 March
London: 18-19 April
Bangkok: 15-16 May (the two days just preceding the PCI Asia Pacific Community Meeting which is on 17-18 May)