Recently the PCI Security Standards Council (PCI SSC) released the Payment Card Industry Data Security Standard (PCI DSS) Risk Assessment Guidelines Information Supplement.One of the PCI SSC’s key recommendations isContinuous Compliance. It states “A continuous risk assessment process enables ongoing discovery of emerging threats and vulnerabilities, allowing an organization to mitigate such threats and vulnerabilities in a proactive and timely manner”.
Ongoing discovery of emerging threats and vulnerabilities for sections 1.1 and 1.2 (automated firewall operations) is made easy with Firewall Policy Management solutions that analyze policy changes in real-time. Rather than waiting for an audit to analyze and mitigate violations that accumulated over the audit period, identifying the violations as they happen enables resolving them instantly and maintaining compliance over time.
If PCI compliance is maintained year round, then an audit no longer requires the time and efforts that usually go into the periodic preparation of supporting documentation. Additionally, organizations can prove a high security standard to their customers and control firewall-related threats and vulnerabilities in a proactive and timely manner.