From Search Security:
Among the Payment Card Industry (PCI) Data Security Standard’s 12 requirements is a mandate for Web and application security. Requirement six specifically calls for merchants and credit card issuers to “develop and maintain secure systems and applications.”
While many parts of the standard have caused headaches for companies using credit cards in their business, Section 6 is especially painful. Like other PCI DSS requirements, some of it is common sense and easy to implement, and the rest is ambiguous and confusing to understand, not to mention difficult and costly to implement.
What makes it more painful is that unlike the rest of the standard, the last part, Section 6.6, is only recommended as a “best practice.” It becomes a requirement June 30, 2008, and if companies want to be compliant by that date, they have to begin their work now.
For the full article read on.
[tags]PCI, PCI DSS, Application Security[/tags]
