Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Payment Card Industry Data Security Standard (PCI DSS) 4.0, issued a comprehensive set of requirements, to safeguard online payment systems against breaches and theft of cardholder data. Requirement 6.4.3 is one of the critical components for businesses that take online payment and focuses on the management and integrity of scripts on webpages that take payment card (i.e.m credit card) payments.

Complying with International Organization for Standardization/International Electrotechnical Commission 27001 (ISO/IEC 27001) is crucial for ensuring robust cybersecurity practices within your organization and safeguarding your crucial assets.

In the ever-evolving landscape of cybersecurity, staying updated with the latest standards and protocols is crucial. One such standard that has undergone significant changes is the Payment Card Industry Data Security Standard (PCI DSS) Requirement 11. This requirement, focused on the regular testing of security systems and networks, has seen notable updates in its transition from version 3.2.1 to version 4.0.

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.

Hackers move fast. The cybersecurity industry works hard to move as fast (or faster) than hackers. And regulators work to keep pace. In 2017, the New York Department of Financial Services enacted the sector’s most ambitious set of cybersecurity regulations: 23 NYCRR Part 500. These “Part 500” rules have been updated to reflect the evolving threat landscape, the most recent change (“Amendment 2”) implemented in December 2023 to address emerging cybersecurity needs.

Compliance in healthcare is a critical component to preserving the sanctity of modern society. Compliance in any industry ensures adherence to a minimum set of requirements to ensure quality of service; while undoubtedly important everywhere, it’s more so in healthcare due to its direct impact on human lives. For example, while financial compliance secures the safety of our funds, healthcare compliance ensures the safety of our personal selves.

The EU AI Act (the “AI Act”) is the world’s first comprehensive AI law. The Act lays down a harmonised legal framework for the development, supply, and use of AI products and services in the EU.

Over the past month, we’ve rolled out several new capabilities.

As time marches on and technology develops, there’s a constant push and pull between information security and attempts to breach that security. Obscurity – simply hiding from sight – isn’t enough with automated processes capable of scanning any possible address looking for signs of life, so much of modern computer security comes down to cryptography. Pretty much everyone has some experience with cryptography, from our childhood spy media to modern computer science.

Keeping track of who is accessing your systems and data is a critical part of any security program. Requirement 10 of the PCI DSS covers logging and monitoring controls that allow organizations to detect unauthorized access attempts and track user activities. In the newly released PCI DSS 4.0, Requirement 10 has seen some notable updates that expand logging capabilities and provide more flexibility for merchants and service providers.