The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers.
RSA Archer PCI Management enables organizations to streamline the compliance process, simplify stakeholder participation, and reduce overall compliance effort and cost. It allows organizations to jumpstart a PCI compliance program by conducting continuous assessments and providing visibility to manage and mitigate risk.
The PCI Standard Security Council (PCI SSC) released a new content set in the latest PCI DSS version 3.2.1. RSA Archer Release 6.8 includes updates to the RSA Archer PCI Management use case to leverage new content and self-assessment questionnaires (SAQs) available with PCI DSS version 3.2.1.
RSA Archer PCI Management guides merchants through the completion of relevant self-assessment questionnaires (SAQs). It also provides packaging and export of compliance program results and attestation articles in a properly formatted PCI Report on Compliance (RoC) for easy submission and review.
Customers can demonstrate compliance with the latest version of PCI DSS, 3.2.1, by:
- Using the new content for PCI DSS 3.2.1 available in the Authoritative Sources, Control Standards, Master Controls, and Question Library applications.
- Completing the required, new PCI 3.2.1 Self-Assessment Questionnaire (SAQ).
- Performing a full Report on Compliance (RoC) assessment, which has been updated to reflect version 3.2.1.
- Using an update to the PCI Internal Stakeholder dashboard, which includes a new landing page iView and incorporates some of the new charting capabilities that were added in RSA Archer Release 6.7.
- Leveraging documentation updates.