Being a responsible corporate citizen and member of the local community is at the core of Control Gap’s daily operations. We believe in making work a rewarding experience by incorporating fun team events within our corporate culture, and supporting cause-related and local organizations.

Blog

PCI DSS v3.2.1 - What You Need to Know to Stay PCI Compliant
2018-11-07

To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place, and keeping up with the changes even more so. In May 2018 the Payment Card Industry (PCI) Security Standards Council (formed to regulate security for the payment card industry) released an updated list of compliance requirements known as the PCI Data Security Standard (DSS) v3.2.1. Let us guide you through these new requirements. We found hundreds of wording changes, most of them innocuous and helpful clarifications; however, a small number of these changes will require some attention in order to maintain compliance after December 2018. This article focuses on changes to the DSS standard. There were also significant changes to the reporting template, which we introduce here and will report on more fully in a follow-up article. Continue reading for everything you need to know about PCI DSS v3.2.1, or contact us now and let us guide you through PCI compliance.

What Are the Largest Impacts of PCI DSS v3.2.1?

The Changes Amount to Almost Nothing, Except E-Commerce Web Redirection Servers, Reporting Instructions

The changes in DSS 3.2.1 are mostly administrative clarifications, minor fixes, and clean-up of now-expired future-dated requirements. There were hundreds of wording changes, 4 numbering changes, and 3 testing procedures removed. On the surface, these amount to virtually no impact on customer compliance effort. The largest impacts we identified in PCI DSS 3.2.1 are actually not due to changes in the DSS itself but to the interpretation of its intent. The changes are most evident in the PCI Self-Assessment Questionnaire A (SAQ-A). Whether an entity is completing an SAQ or a Report on Compliance, e-commerce web redirection servers that use iframe or full URL redirection are now subject to additional requirements: patch management (DSS 6.2) now applies to these system components. This increase in compliance footprint may seem small, and for many organizations already doing the right thing it won't be a problem. However, since these changes are quietly buried in the SAQ documents and are not part of the announced DSS changes, we anticipate that this seemingly tiny change will catch many service providers and merchants by surprise and will result in compliance validation delays. Another surprise is that there are significant changes in the reporting instructions that will affect organizations undergoing "Level 1" onsite assessments.

What Is the Difference Between PCI DSS v3.2 and PCI DSS v3.2.1?

In addition to the hundreds of wording changes, 4 numbering changes, and 3 testing procedures removed, there were:

19 Total Discrete Change Clusters

  • 19 of these changes have an impact rating of None. These changes have a negligible impact on compliance and help to improve clarity and understanding on intent.
  • 0 of these changes have an impact rating of Low. Such changes have a low impact on compliance and are new incremental changes that potentially alter compliance efforts.
  • 0 of these changes have an impact rating of High. These changes have a high impact on compliance and are typically a new requirement or involve potentially significant effort to achieve or sustain compliance.

Zero Evolving (New or Changed) Requirements

  • There are no new or changed “evolving” requirements, which is good news.

Change Analysis - the DSS Standard

There are several other significant differences between PCI DSS V3.2 and PCI DSS V3.2.1. We have prepared a quick overview of the changes in our Change Analysis Brief. We have also prepared a Before & After Redline View if you would like to see every word that changed.

Change Analysis - Report on Compliance Templates (coming soon)

Given the relatively minor nature of this update, we were not expecting a lot of changes to the Reporting Templates. Reporting Templates are mandatory instructions for QSAs working with organizations considered "Level 1" that must undergo onsite assessments and complete Reports on Compliance. We found there is an increased emphasis on the specifics required in the answers. While we don't believe the intent of the instructions has changed, some organizations may find that RoCs will require additional time and effort to satisfy these changes.

Becoming PCI compliant can be difficult, so why not let Control Gap guide you. We are the largest dedicated PCI compliance company in Canada. Contact us today and learn more about how we can help you: Get PCI Compliant. Stay PCI Compliant.

Control Gap is Proud to Support Casey MacKay in the 2018 Toronto Maple Leafs Skate for Easter Seals Kids!
2018-10-19

We are excited to announce that we are supporting Casey MacKay, a student at Humber College finishing his program in Broadcasting, Television and Videography, as he takes part in the 2018 Toronto Maple Leafs Skate for Easter Seals Kids on Sunday, November 18, 2018. The Toronto Maple Leafs Skate for Easter Seals Kids is a fundraising event where kids get the opportunity to skate with members of the Toronto Maple Leafs team. All proceeds go towards the Easter Seals Ontario foundation, which supports kids in the province with physical disabilities. This year, Easter Seals will host the 41st annual Toronto Maple Leafs Skate for Easter Seals Kids. We have supported Casey over the years and are delighted he has reached out to us again for his 16th year at the Toronto Maple Leafs Skate for Easter Seals Kids. If you would like to support Casey and Easter Seals, please click here.

Social Network Spiraling - Everything Going On with Facebook Up Until Now
2018-10-04

In case you missed it, Facebook has had some issues recently and it's only getting uglier. Catch up on the news below:

September's Breach

The most recent breach announcement came late last week, and the exposure lasted over 13 months:

As the new week dawned we began to get more information as Facebook rushed to comply with GDPR notification requirements:

More information emerges about the impact, remediation, and GDPR as the week goes on:

Other Recent Issues

Even without the breach, Facebook has had other security and privacy issues come to light:

A few very recent developments that would normally be positive are likely being completely drowned out by the bad news:

Facebook's Annus Horribilis

Facebook is still dealing with the fallout from previous troubles. In fact, 2018 has been a terrible year:

Linked from this post: https://controlgap.com/blog/cambridge-analytica-facebook-scandal/ and https://business.financialpost.com/pmn/business-pmn/child-experts-file-ftc-complaint-against-facebook-kids-app
WP_Query Object ( [query] => Array ( [post_type] => post [post_status] => publish [cat] => 14, 134, 1 [orderby] => date [order] => desc [posts_per_page] => 3 [paged] => 3 [ignore_sticky_posts] => 1 ) [query_vars] => Array ( [post_type] => post [post_status] => publish [cat] => 14 [orderby] => date [order] => DESC [posts_per_page] => 3 [paged] => 3 [ignore_sticky_posts] => 1 [error] => [m] => [p] => 0 [post_parent] => [subpost] => [subpost_id] => [attachment] => [attachment_id] => 0 [name] => [static] => [pagename] => [page_id] => 0 [second] => [minute] => [hour] => [day] => 0 [monthnum] => 0 [year] => 0 [w] => 0 [category_name] => charity [tag] => [tag_id] => [author] => [author_name] => [feed] => [tb] => [meta_key] => [meta_value] => [preview] => [s] => [sentence] => [title] => [fields] => [menu_order] => [embed] => [category__in] => Array ( ) [category__not_in] => Array ( ) [category__and] => Array ( ) [post__in] => Array ( ) [post__not_in] => Array ( ) [post_name__in] => Array ( ) [tag__in] => Array ( ) [tag__not_in] => Array ( ) [tag__and] => Array ( ) [tag_slug__in] => Array ( ) [tag_slug__and] => Array ( ) [post_parent__in] => Array ( ) [post_parent__not_in] => Array ( ) [author__in] => Array ( ) [author__not_in] => Array ( ) [update_post_term_cache] => 1 [suppress_filters] => [cache_results] => 1 [lazy_load_term_meta] => 1 [update_post_meta_cache] => 1 [nopaging] => [comments_per_page] => 50 [no_found_rows] => ) [tax_query] => WP_Tax_Query Object ( [queries] => Array ( [0] => Array ( [taxonomy] => category [terms] => Array ( [0] => 14 [1] => 134 [2] => 1 ) [field] => term_id [operator] => IN [include_children] => 1 ) ) [relation] => AND [table_aliases:protected] => Array ( [0] => wpcm_term_relationships ) [queried_terms] => Array ( [category] => Array ( [terms] => Array ( [0] => 14 [1] => 134 [2] => 1 ) [field] => term_id ) ) [primary_table] => wpcm_posts [primary_id_column] => ID ) [meta_query] => WP_Meta_Query Object ( [queries] => Array ( ) [relation] => 
[meta_table] => [meta_id_column] => [primary_table] => [primary_id_column] => [table_aliases:protected] => Array ( ) [clauses:protected] => Array ( ) [has_or_relation:protected] => ) [date_query] => [request] => SELECT SQL_CALC_FOUND_ROWS wpcm_posts.ID FROM wpcm_posts LEFT JOIN wpcm_term_relationships ON (wpcm_posts.ID = wpcm_term_relationships.object_id) WHERE 1=1 AND ( wpcm_term_relationships.term_taxonomy_id IN (1,14,134) ) AND wpcm_posts.post_type = 'post' AND ((wpcm_posts.post_status = 'publish')) GROUP BY wpcm_posts.ID ORDER BY wpcm_posts.menu_order, wpcm_posts.post_date DESC LIMIT 6, 3 [posts] => Array ( [0] => WP_Post Object ( [ID] => 1895 [post_author] => 2 [post_date] => 2018-11-07 05:29:57 [post_date_gmt] => 2018-11-07 05:29:57 [post_content] => To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and keeping up with the changes even more so. In May 2018 the Payment Card Industry (PCI) Security Standards Council (formed to regulate security for the payment card industry) released an updated list of compliance requirements known as the PCI Data Security Standard (DSS) v3.2.1. Let us guide you through these new requirements. We found hundreds of wording changes, most of them innocuous and helpful clarifications, however, a small number of these changes will require some attention in order to maintain compliance after December 2018. This article focuses on changes to the DSS standard.  There were also significant changes to the reporting template which we introduce here and will report on more fully in a follow-up article. Continue reading for everything you need to know about PCI DSS v3.2.1 or contact us now and let us guide you through PCI Compliance.

What Are the Largest Impacts of PCI DSS v3.2.1?

The Changes Amount to Almost Nothing, Except E-Commerce Web Redirection Servers, Reporting Instructions

The changes in DSS 3.2.1 are mostly administrative clarifications, minor fixes, and clean-up of now-expired future-dated requirements. There were hundreds of wording changes, 4 numbering changes, and 3 testing procedures removed. On the surface, these amount to virtually no impact to customer compliance effort. The largest impacts we identified in PCI DSS 3.2.1 are actually not due to changes in the DSS itself but the interpretation of the intent. The changes are most evident in the PCI Self-Assessment Questionnaire A (SAQ-A). Whether an entity is completing an SAQ or a Report on Compliance, e-commerce web redirection servers that utilize iframe or Full URL redirection are now subject to increased requirements, now adding requirement patch management (DSS 6.2) to these system components. This slight increase in compliance footprint size may seem small, and for many organizations doing the right thing it won't be a problem. However, since these changes are quietly buried in the SAQ documents and are not part of the announced DSS changes, we anticipate that this seemingly tiny change will catch many service providers and merchants by surprise and will result in compliance validation delays. Another surprise, is there are significant changes in the reporting instructions that will affect organizations undergoing "level 1" onsite assessments.

What Is the Difference Between PCI DSS v3.2 and PCI DSS v3.2.1?

In addition to the hundreds of wording changes, 4 numbering changes, and 3 testing procedures removed, there were:

19 Total Discrete Change Clusters

  • 19 of these changes have an impact rating of None. These changes have a negligible impact on compliance and help to improve clarity and understanding on intent.
  • 0 of these changes have an impact rating of Low. These changes have a low impact on compliance and are a new incremental change that potentially alter compliance efforts.
  • 0 of these changes have an impact rating of High. These changes have a high impact on compliance and are typically a new requirement or involve potentially significant effort to achieve or sustain compliance.

Zero Evolving (New or Changed) Requirements

  • There are no new or changed “evolving” requirements, which is good news.

Change Analysis - the DSS Standard

There are several other significant differences between PCI DSS V3.2 and PCI DSS V3.2.1. We have prepared a quick overview of the changes in our Change Analysis Brief. We have also prepared a Before & After Redline View if you would like to see every word that changed.

Change Analysis - Report on Compliance Templates (coming soon)

Given the relatively minor nature of this update we were not expecting a lot a changes to the Reporting Templates.  Reporting Templates are mandatory instructions for QSA's working with organizations considered "Level 1's" that must undergo onsite assessments and complete Reports on Compliance. We found there is an increased emphasis on the specifics required in the answers. While we don't believe the intent of the instructions have changed, some organizations may find that RoC's will require additional time and effort to satisfy these changes.

References:

Becoming PCI Compliant can be difficult, so why not let Control Gap guide you. We are the largest dedicated PCI compliance company in Canada. Contact us today and learn more about how we can help you: Get PCI Compliant. Stay PCI Compliant.   [post_title] => PCI DSS v3.2.1 - What You Need to Know to Stay PCI Compliant [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => pci-dss-v3-2-1-what-you-need-to-know-to-stay-pci-compliant [to_ping] => [pinged] => [post_modified] => 2018-11-07 05:29:57 [post_modified_gmt] => 2018-11-07 05:29:57 [post_content_filtered] => [post_parent] => 0 [guid] => http://controlgap.com/?p=1895 [menu_order] => 56 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [1] => WP_Post Object ( [ID] => 1917 [post_author] => 1 [post_date] => 2018-10-19 15:53:15 [post_date_gmt] => 2018-10-19 15:53:15 [post_content] => We are excited to announce that we are supporting Casey Mackay, a student at Humber College finishing his program in Broadcasting, Television and Videography take part in the 2018 Toronto Maple Leafs Skate for Easter Seals Kids taking place on Sunday, November 18, 2018. The Toronto Maple Leafs Skate for Easter Seals Kids is a fundraising event where kids get the opportunity to skate with members of the Toronto Maple Leads team. All proceeds go towards the Easter Seals Ontario foundation which supports kids in the province with physical disabilities. This year, the Easter Seals will host the 41st annual Toronto Maple Leafs Skate for Easter Seals Kids. We supported Casey over the years and are delighted he has reached out to us again for his 16th year at the Toronto Maple Leafs Skate for Easter Kids. If you would like to support Casey and other Easter Seals please click here.   [post_title] => Control Gap is Proud to Support Casey MacKay in the 2018 Toronto Maple Leafs Skate for Easter Seals Kids! 
[post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => control-gap-is-proud-to-support-casey-mackay-in-the-2018-toronto-maple-leafs-skate-for-easter-seals-kids [to_ping] => [pinged] => [post_modified] => 2018-10-19 16:39:14 [post_modified_gmt] => 2018-10-19 16:39:14 [post_content_filtered] => [post_parent] => 0 [guid] => http://controlgap.com/?p=1917 [menu_order] => 60 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [2] => WP_Post Object ( [ID] => 1871 [post_author] => 1 [post_date] => 2018-10-04 12:44:11 [post_date_gmt] => 2018-10-04 12:44:11 [post_content] => In case you missed it, Facebook has had some issues recently and its only getting uglier. Catch up on the news below:

September's Breach

The most recent breach announcement came late last week and the exposure lasted over 13 months: As the new week dawned we began to get more information as Facebook rushed to comply with GDPR notification requirements: More information emerges about the impact, remediation, and GDPR as the week goes on:

Other Recent Issues

Even without the breach Facebook has had other security and privacy issues come to light: A few very recent developments that would normally be positive are likely being completely drowned out by the bad news:

Facebook's Annus Horribilis

Facebook is still dealing with the fallout from previous troubles. In fact  2018 has been a terrible year: [post_title] => Social Network Spiraling - Everything Going On with Facebook Up Until Now [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => social-network-spiraling-everything-going-on-with-facebook-up-until-now [to_ping] => [pinged] => https://controlgap.com/blog/cambridge-analytica-facebook-scandal/ https://business.financialpost.com/pmn/business-pmn/child-experts-file-ftc-complaint-against-facebook-kids-app [post_modified] => 2018-10-15 14:04:06 [post_modified_gmt] => 2018-10-15 14:04:06 [post_content_filtered] => [post_parent] => 0 [guid] => http://controlgap.com/?p=1871 [menu_order] => 63 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) ) [post_count] => 3 [current_post] => -1 [in_the_loop] => [post] => WP_Post Object ( [ID] => 1895 [post_author] => 2 [post_date] => 2018-11-07 05:29:57 [post_date_gmt] => 2018-11-07 05:29:57 [post_content] => To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and keeping up with the changes even more so. In May 2018 the Payment Card Industry (PCI) Security Standards Council (formed to regulate security for the payment card industry) released an updated list of compliance requirements known as the PCI Data Security Standard (DSS) v3.2.1. Let us guide you through these new requirements. We found hundreds of wording changes, most of them innocuous and helpful clarifications, however, a small number of these changes will require some attention in order to maintain compliance after December 2018. This article focuses on changes to the DSS standard.  There were also significant changes to the reporting template which we introduce here and will report on more fully in a follow-up article. 
Continue reading for everything you need to know about PCI DSS v3.2.1 or contact us now and let us guide you through PCI Compliance.

What Are the Largest Impacts of PCI DSS v3.2.1?

The Changes Amount to Almost Nothing, Except E-Commerce Web Redirection Servers, Reporting Instructions

The changes in DSS 3.2.1 are mostly administrative clarifications, minor fixes, and clean-up of now-expired future-dated requirements. There were hundreds of wording changes, 4 numbering changes, and 3 testing procedures removed. On the surface, these amount to virtually no impact to customer compliance effort. The largest impacts we identified in PCI DSS 3.2.1 are actually not due to changes in the DSS itself but the interpretation of the intent. The changes are most evident in the PCI Self-Assessment Questionnaire A (SAQ-A). Whether an entity is completing an SAQ or a Report on Compliance, e-commerce web redirection servers that utilize iframe or Full URL redirection are now subject to increased requirements, now adding requirement patch management (DSS 6.2) to these system components. This slight increase in compliance footprint size may seem small, and for many organizations doing the right thing it won't be a problem. However, since these changes are quietly buried in the SAQ documents and are not part of the announced DSS changes, we anticipate that this seemingly tiny change will catch many service providers and merchants by surprise and will result in compliance validation delays. Another surprise, is there are significant changes in the reporting instructions that will affect organizations undergoing "level 1" onsite assessments.

What Is the Difference Between PCI DSS v3.2 and PCI DSS v3.2.1?

In addition to the hundreds of wording changes, 4 numbering changes, and 3 testing procedures removed, there were:

19 Total Discrete Change Clusters

  • 19 of these changes have an impact rating of None. These changes have a negligible impact on compliance and help to improve clarity and understanding on intent.
  • 0 of these changes have an impact rating of Low. Low-impact changes are new incremental changes that could alter compliance efforts.
  • 0 of these changes have an impact rating of High. These changes have a high impact on compliance and are typically a new requirement or involve potentially significant effort to achieve or sustain compliance.

Zero Evolving (New or Changed) Requirements

  • There are no new or changed “evolving” requirements, which is good news.

Change Analysis - the DSS Standard

There are several other differences between PCI DSS v3.2 and PCI DSS v3.2.1 worth noting. We have prepared a quick overview of the changes in our Change Analysis Brief, and a Before & After Redline View if you would like to see every word that changed.

Change Analysis - Report on Compliance Templates (coming soon)

Given the relatively minor nature of this update, we were not expecting many changes to the Reporting Templates. Reporting Templates are the mandatory instructions for QSAs working with organizations considered "Level 1", which must undergo onsite assessments and complete Reports on Compliance (RoCs). We found an increased emphasis on the specifics required in the answers. While we don't believe the intent of the instructions has changed, some organizations may find that RoCs will require additional time and effort to satisfy these changes.

Becoming PCI compliant can be difficult, so why not let Control Gap guide you. We are the largest dedicated PCI compliance company in Canada. Contact us today and learn more about how we can help you: Get PCI Compliant. Stay PCI Compliant.
PCI DSS v3.2.1 – What You Need to Know to Stay PCI Compliant
November 7 2018

To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and keeping up with the changes even more so. In May 2018 the Payment Card Industry (PCI) Security Standards Council (formed to regulate security for the payment card industry) released an updated list

Read More
Control Gap is Proud to Support Casey MacKay in the 2018 Toronto Maple Leafs Skate for Easter Seals Kids!
October 19 2018

We are excited to announce that we are supporting Casey Mackay, a student at Humber College finishing his program in Broadcasting, Television and Videography, as he takes part in the 2018 Toronto Maple Leafs Skate for Easter Seals Kids, taking place on Sunday, November 18, 2018. The Toronto Maple Leafs Skate for Easter Seals Kids is a

Read More
Social Network Spiraling – Everything Going On with Facebook Up Until Now
October 4 2018

In case you missed it, Facebook has had some issues recently and it's only getting uglier. Catch up on the news below: September's Breach. The most recent breach announcement came late last week, and the exposure lasted over 13 months: user single sign-on "access tokens" were exposed through the "View As" feature. At least 53M users

Read More
