
IDG Contributor Network: Practical tips to ensure PCI DSS compliance when dealing with...

Discussion in 'CSO' started by RSS, Feb 23, 2016.


    In part 1 of this series, David Mundhenk and I detailed issues around PCI and message queuing. In part 2 we got into the nitty-gritty of how to ensure PCI DSS compliance when dealing with message queues.

    In this final piece, we will continue with some more detailed items on how to ensure PCI message queue compliance.

    Queueing: Mobile phones to mainframes

    From mobile phones to mainframes, cardholder data and sensitive authentication data are always in one of three states: being processed in memory, transmitted across a network, or written to disk. If cardholder and sensitive authentication data is ever written to disk for any reason (including temporarily), it must be protected via PCI-compliant encryption. Also remember that it must be securely deleted by some industry-standard secure-delete process when no longer needed, and per PCI requirements the data must be rendered ‘irrecoverable’. The PCI SSC recommends NIST Special Publication 800-88, Guidelines for Media Sanitization.
