Based on the PCI DSS 3.0 security standard, the Content Pack offers guidance to businesses that handle cardholder information for major credit and debit cards.
Integrated risk management solutions specialist Agiliance announced the release of the Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 Content Pack, which provides organizations that handle cardholder information and are regulated by the PCI Security Standards Council with a framework to implement and maintain information security processes and internal controls.
Based on the PCI DSS 3.0 information security standard, it provides businesses that handle cardholder information for major debit, credit, prepaid, e-purse, ATM and point-of-sales cards with guidance and best practices to increase controls around cardholder data and help prevent data breaches and reduce fraud.
The PCI DSS 3.0 Content Pack is currently available and is included with all RiskVision subscriptions, the company noted.
Using the company’s RiskVision platform, organizations can gather, score and review their data- and survey-driven control assessment results to identify and remediate control gaps that can be exploited by hackers.
RiskVision provides a view of an organization’s PCI compliance posture to minimize the risk of data breaches. Its data automation and correlation capabilities also help organizations conduct continuous compliance assessments.
"One of the most significant changes introduced with PCI DSS 3.0 is the concept of making compliance a daily event, instead of an annual check-box fire drill to comply with an audit," Torsten George, vice president of worldwide marketing and products at Agiliance, said in a statement. "Continuous compliance is a considerable challenge that requires the rethinking of existing processes, including the tools organizations use to gather and analyze data. RiskVision and the PCI 3.0 Content Pack provide the controls, data automation, data aggregation and workflow engine to streamline the overall compliance process and reduce the risk of data breaches."
The content pack covers technical and operational requirements, as well as guidance related to shared hosting providers, including how to build and maintain a secure network and systems, protect cardholder data and maintain a vulnerability management program.
The pack is also designed to help organizations implement strong access control measures, regularly monitor and test networks, maintain an information security policy and shared hosting providers with cardholder data environment protection.
Earlier this year the company released its Office of the Comptroller of the Currency (OCC) Risk Management Guidance Content Pack, which provides national banks and federal savings associations the proper steps to manage and assess third-party risks.
The OCC advises financial services organizations to adopt risk management processes that match the potential threats posed by their third-party relationships, especially those that involve critical bank activities.