Compliance Dashboard v0.6

Date post: 05-Apr-2018
7/31/2019 Compliance Dashboard v0.6

Version history

V0.1 (Jan 2011): Requirements and testing procedures

V0.2 (Feb 2011): Add merchant type for each requirement

V0.3 (August 2011): Include Prioritized Approach milestones as defined by PCIco
- Add a column Priority with PCIco Milestones (1 to 6)
- Add a column Status of implementation
- Add a column Estimated date to completion
- Add sheet actors

V0.4 (October 2011):
- Add a sheet "What is my merchant Type?" with the full description of the merchant types
- Add Major observations from the 2011 Verizon PCI Compliance Report for each of the twelve requirements
- Add a column "Validation instructions for QSA/ISA" from the newly released ROC QSA Reporting Instruction Manual

V0.5 (November 2011):
- Add Guidance for each requirement from the "Navigating PCI DSS V2.0"
- Add a compensating control sheet for the definition and management of compensating controls. Whenever a compensating control is present, refer to it in the column (in place) by the associated ID in the compensating controls sheet
- Add Glossary

PCI Compliance Dashboard VERSI
Please feel free to use this compliance dashboard spreadsheet to sustain y
PCI compliance, to support the discussion with your internal team, QSA and a
Please send any comments, observations or suggestions to [email protected]

What's new?

V0.6 (December 2011):
- Add an Executive Summary tab including # of requirements, % of compliance and Severity (sum of all severities) depending on the selected merchant type.
- Add a Charts tab including Severity per Requirement and % compliance per requirement
- Add a Severity column (= PCI defined priority for not in place requirements)
- Add list boxes for In place/not in place and Compensating control present.
- All sheets are protected to avoid accidental deletion (no password).

Instructions:

1. Select your merchant type within the sheet "Executive summary"
2. Select the appropriate answer for each requirement (Column L: Y/N/C)
3. Use the compensating controls sheet to describe your controls whenever used.
4. View your compliance progress through the "Executive summary" and "Charts" sheets

More information

Compliance Dashboard home page: https://community.rapid7.com/docs/DOC-1512

PCI 30 seconds newsletter - PCI what are you talking about?
https://community.rapid7.com/community/infosec/blog/2011/05/11/pci-30-sec-newsletter-1-pci-what-are-you-talking-about

PCI 30 seconds newsletter - Payment processing terminology and workflow
https://community.rapid7.com/community/infosec/blog/2011/05/11/pci-newsletter-2-payment-processing-terminology-and-workflow

PCI 30 seconds newsletter - Distributing roles
https://community.rapid7.com/community/infosec/blog/2011/05/26/pci-30-sec-newsletter-3--role-distribution

PCI 30 seconds newsletter - Merchant levels
https://community.rapid7.com/community/infosec/blog/2011/06/06/pci-30-seconds-newsletter-n-4-merchant-levels-what-who-and-how

PCI 30 seconds newsletter - What is your type?
https://community.rapid7.com/community/infosec/blog/2011/06/15/pci-30-seconds-newsletter-n-5-what-is-your-type

PCI 30 seconds newsletter - PCI DSS in a nutshell
https://community.rapid7.com/community/infosec/blog/2011/07/06/pci-30-sec-newsletter-8--dss-in-a-nutshell

PCI 30 seconds newsletter - Define the scope of an assessment
https://community.rapid7.com/community/infosec/blog/2011/07/14/pci-30-seconds-newsletter-9-defining-the-scope-of-the-pci-assessment

PCI 30 seconds newsletter - Certification program, striving for quality
https://community.rapid7.com/community/infosec/blog/2011/06/30/pci-30-sec-newsletter-7--certification-programs-striving-for-quality

PCI 30 seconds newsletter - The validation toolbox
https://community.rapid7.com/community/infosec/blog/2011/06/21/pci-30-seconds-newsletter-n-6-the-validation-toolbox

PCI 30 seconds newsletter - Prioritized Approach
https://community.rapid7.com/community/infosec/blog/2011/08/11/pci-30-seconds-newsletter-10-prioritized-approach

PCI 30 seconds newsletter - Tokenization
https://community.rapid7.com/community/infosec/blog/2011/08/19/pci-30-seconds-newsletter-11-tokenization

PCI 30 seconds newsletter - The gap analysis process
https://community.rapid7.com/community/infosec/blog/2011/08/31/pci-30-seconds-newsletter-12-the-gap-analysis-process

PCI 30 seconds newsletter - Compensating controls, magic trick or mirage?

PCI 30 seconds newsletter - The world is not perfect!
https://community.rapid7.com/community/infosec/blog/2011/11/14/pci-30-seconds-newsletter-14-the-world-isnt-perfect

PCI 30 seconds newsletter - Nice Look!
https://community.rapid7.com/community/infosec/blog/2011/11/28/pci-30-seconds-newsletter-15-nice-look

Thoughts on the Verizon PCI Compliance Report
https://community.rapid7.com/community/infosec/blog/2011/09/30/consideration-about-the-verizon-2011-payment-card-compliance-report

Can I use compensating control to resolve vulnerabilities found during a scan?
https://community.rapid7.com/community/infosec/blog/2011/09/26/can-i-use-compensating-control-to-resolve-vulnerabilities-found-during-a-scan

What to do if my organization can't demonstrate four passing internal or external scans?
https://community.rapid7.com/community/infosec/blog/2011/09/22/what-to-do-if-my-organization-can-t-demonstrate-four-passing-pci-internal-or-external-scans

Verizon 2011 PCI Compliance Report
http://www.verizonbusiness.com/resources/reports/rp_2011-payment-card-industry-compliance-report_en_xg.pdf
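The Executive Summary computation that the V0.6 notes describe (count of applicable requirements for the selected merchant type, % compliance, and Severity as the sum of the Prioritized Approach milestone of every requirement that is not in place), modelled in Python as an added example. This is not the spreadsheet's own formula logic nor any Rapid7 code: the rows, their milestone numbers, merchant-type assignments and the control ID "CC-01" are constructed for illustration, and the rule that a "C" answer only counts as in place when its ID resolves to an entry on the compensating controls sheet is an assumption drawn from the V0.5 note that says to reference the control by ID.

```python
"""Model of the dashboard's Executive Summary figures (added example, constructed data)."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Column L on the requirements sheet: Y = in place, N = not in place,
# C = in place through a compensating control.
VALID_STATUS = {"Y", "N", "C"}


@dataclass(frozen=True)
class RequirementRow:
    req_id: str                    # sub-requirement label, e.g. "3.4"
    requirement: int               # top-level PCI DSS requirement, 1..12
    milestone: int                 # Prioritized Approach milestone, 1..6 (the "Priority" column)
    merchant_types: frozenset[str] # merchant types to which the row applies
    status: str                    # Y / N / C
    compensating_control_id: str = ""  # ID on the compensating controls sheet when status == "C"


# Constructed sample rows. Milestone numbers and merchant-type assignments are
# illustrative and are NOT taken from the PCI Prioritized Approach document.
SAMPLE_ROWS = [
    RequirementRow("1.1", 1, 2, frozenset("BCD"), "Y"),
    RequirementRow("3.2", 3, 1, frozenset("ABCD"), "N"),
    RequirementRow("3.4", 3, 5, frozenset("CD"), "C", "CC-01"),
    RequirementRow("6.1", 6, 3, frozenset("CD"), "N"),
    RequirementRow("8.3", 8, 4, frozenset("D"), "C"),   # "C" with no control ID: inconsistent row
    RequirementRow("10.2", 10, 4, frozenset("D"), "Y"),
    RequirementRow("12.1", 12, 6, frozenset("ABCD"), "Y"),
]

# Constructed stand-in for the compensating controls sheet (ID -> description).
SAMPLE_CONTROLS = {"CC-01": "PAN tokenised before storage in the order database (constructed)"}


def summarize(rows, merchant_type, controls):
    """Return the Executive Summary figures for one merchant type.

    Only rows that apply to the merchant type are counted. A "C" answer counts as
    in place only when its control ID exists on the compensating controls sheet;
    otherwise the row is treated as not in place and reported under "issues".
    Severity follows the page's definition: the milestone number of each
    not-in-place row, summed per top-level requirement and overall.
    """
    applicable = [r for r in rows if merchant_type in r.merchant_types]
    per_req = defaultdict(lambda: {"total": 0, "in_place": 0, "severity": 0})
    issues = []

    for r in applicable:
        if r.status not in VALID_STATUS:
            raise ValueError(f"{r.req_id}: invalid status {r.status!r}, expected Y/N/C")
        in_place = r.status == "Y"
        if r.status == "C":
            if r.compensating_control_id in controls:
                in_place = True
            else:
                issues.append(f"{r.req_id}: status C but no matching compensating control ID")
        bucket = per_req[r.requirement]
        bucket["total"] += 1
        if in_place:
            bucket["in_place"] += 1
        else:
            bucket["severity"] += r.milestone

    total = sum(b["total"] for b in per_req.values())
    in_place = sum(b["in_place"] for b in per_req.values())
    return {
        "merchant_type": merchant_type,
        "requirements": total,
        "in_place": in_place,
        "not_in_place": total - in_place,
        "pct_compliance": round(100 * in_place / total, 1) if total else 0.0,
        "severity": sum(b["severity"] for b in per_req.values()),
        "per_requirement": {k: dict(v) for k, v in sorted(per_req.items())},
        "issues": issues,
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_ROWS, "D", SAMPLE_CONTROLS)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Because the Severity total is a plain sum of milestone numbers, and milestone 1 is the first one the Prioritized Approach asks you to complete, a large total can come from a couple of milestone-6 gaps as well as from several milestone-1 gaps; read it together with the per-requirement breakdown rather than on its own. The "issues" list is the check a reviewer wants before trusting the percentage: a "C" with no referenced control is exactly the kind of row that inflates the compliance figure if it is silently counted as in place.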
Contributors

Peter Hill

Didier Godart
Risk Product Manager, Rapid7
+32 498787744
SkypeID Dgozone
[email protected]
About Didier: http://be.linkedin.com/in/didiergodart
About Rapid7: http://www.rapid7.com/
Join the community: https://community.rapid7.com/index.jspa

Swathy Anand
Vice President - Project Management, Fuze Network
[email protected]
About Swathy: http://www.linkedin.com/profile/view?id=14392124&locale=en_US&trk=tyah
About Fuze Network: http://www.fuzenetwork.com/
Executive summary

ORGANIZATION NAME

Merchant Type: D

PCI-DSS REQUIREMENTS | % compliance | # of Requirements | # in Place | # not in Place