Archive

I’ve been busy assessing a Microsoft Azure environment as of late, for PCI DSS purposes. So. I go here to download their AoC: https://azure.microsoft.com/en-gb/support/trust-center/compliance/pci-dss/ The date of the AoC is December 31, 2014, and a number of requirements have been “Not Tested”, identified as “N/A” and Compensating Controls have been applied. I guess that’s fair […]

Why is POODLE and SSL v3 a problem?

As I’m sure you already know, PCI DSS v3.1 introduces a single change to replace “SSL” with “strong cryptography” in section 4.x. Whilst it might be a single change in PCI DSS, it literally means hundreds of thousands of HTTPS web pages...

Third Party Security Assurance for PCI DSS

Almost 2 years ago, 2-sec founded the PCI SSC’s Third Party Security Assurance SIG, following the PCI SSC Community Meeting in Dublin. The aim of the SIG was to incorporate third party security assurance guidance into PCI DSS v3.0 and to produce an information...