Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

You may have heard more about the SEC Form 8-K recently due to changes that went into effect on Dec 16, 2023. From the SEC’s press release.

Welcome back to our ongoing series on the Payment Card Industry Data Security Standard (PCI DSS). In our previous posts, we’ve covered the various requirements of this critical security standard. Today, we’re going to delve into Requirement 4, which focuses on protecting cardholder data with strong cryptography during transmission over open, public networks.

Technical vulnerabilities are areas of weakness in your source code or infrastructure that attackers could potentially exploit. It’s important for your business to address its technical vulnerabilities to protect itself from these types of threats, in addition to gaining or maintaining compliance with SOC 2 and ISO 27001. ‍ For many of these standards, you’re required to have vulnerability scanners running to ensure you’re continuously monitoring for new threats.

The Securities and Exchange Commission (SEC) in the United States approved their cyber rules on July 2023, originally proposed in March 2022 for public comments (SEC, 2022; 2023). This has sparked many conversations about how the board of directors and executive management should think about cybersecurity and to what extent public disclosures should be made about cybersecurity incidents and risks. Most notable among them is the requirement that material cyber incidents be reported within four days.

In our exploration of PCI DSS v4.0’s changes, we’ve reached the heart of the matter – Requirement 3: Protect Stored Account Data. While the previous two requirements focused on network and access control, Requirement 3 tackles the crucial issue of securing sensitive cardholder information once it’s captured and stored.

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.

SOC 2 – which stands for System and Organization Control 2 – is a cybersecurity compliance framework that specifies how third-party service providers should store and process organizational and client data. SOC 2 is part of the American Institute of Certified Public Accountants’ (AICPA) SOC reporting framework and utilizes the AICPA Statement on Standards for Attestation Engagements No. 18 (SSAE 18) standard.

The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) started creating the 62443 series of standards in 2002.