PCI Council updates penetration testing guidance for merchants
The PCI Security Standards Council has released guidance to help merchants improve their system for regularly testing security controls and processes impacting payment card security.
On Thursday, the 43-page informational supplement (PDF) was published, offering best practices for penetration testing components, qualifications for penetration testers, penetration testing methodology and reporting guidelines, a release from the Council said.
“An update to PCI guidance published in 2008, the document also includes three case studies which illustrate the various concepts presented within the document, as well as a quick-reference guide to assist in navigating the penetration testing requirements,” the release added.
The updated guidance comes after Verizon published its 2015 PCI Compliance Report this month, revealing that Requirement 11 of PCI DSS was a compliance weak point for organizations. Requirement 11 states that organizations should regularly test security systems and processes.