SIG to Provide Penetration Testing Clarification
Online, December 10, 2013 (Newswire.com) - To supplement outdated community guidance on penetration testing, SecurityMetrics, PSC, and @Sec proposed a Payment Card Industry (PCI) Special Interest Group (SIG) to provide further clarification of the PCI DSS Information Supplement for Requirement 11.3 and to minimize inconsistencies in testing methodology. On Dec 5, the PCI Council publicly announced that the penetration testing guidance SIG had been officially selected.
Due to numerous interpretations of Requirement 11.3, current penetration testing challenges include scope, testing methodology, and reporting inconsistencies. These challenges make it difficult for assessment groups to know that tests sufficiently meet the PCI requirement's intent.
"It's tiring to defend what a pen test should be," said Gary Glover, SecurityMetrics Director of Security Assessments. "We must update the guidelines with the knowledge we've gleaned over the past five years to ensure merchants, service providers, QSAs, and pen test groups are all on the same page when defining a successful penetration test."
Through case studies, templates, and best practices, the SIG will clarify information supplement documentation and provide guidance on:
- Authenticated testing conditions
- Assessment reports
- Internal and external scoping
For more information about SecurityMetrics services such as penetration testing or PCI compliance, please contact SecurityMetrics at 801.705.5656 or audits@securitymetrics.com.
About SecurityMetrics (www.securitymetrics.com)
SecurityMetrics protects electronic commerce and payments leaders, global acquirers, and their retail customers from security breaches and data theft. The company is a leading provider and innovator in merchant data security, and as an Approved Scanning Vendor and Qualified Security Assessor, has helped over 1 million organizations manage PCI DSS compliance and/or secure their network infrastructure, data communication, and other information assets. Founded in October 2000, SecurityMetrics is a privately held company headquartered in Orem, Utah, USA.