Explore the mapping efforts between the NIST Cybersecurity Framework and PCI DSS in this 48-minute conference talk from RSA Conference. Gain insights from Troy Leach and Emma Sutcliffe of the PCI Security Standards Council as they discuss their collaboration with NIST, highlight similarities between the two frameworks, and explain the benefits of mapping for organizations dealing with multiple compliance requirements. Learn about the mapping process, lessons learned, and potential goals for future DSS versions. Understand how to apply this knowledge to reduce your security footprint and improve compliance strategies across different audiences.
Overview
Syllabus
Intro
PCI Security Standards Council
PCI Security Standards and Programs Standards, Training and Certification Programs, Educational Resources
PCI DSS and the NIST Cybersecurity Framework
Standard vs. Framework
Mapping Relationships
Observations from Mapping Exercises
Example Mappings - Equivalence
Example Mappings - Subset
Example Mappings - Intersections
Mapping View
Reverse View
Example Mappings - Not Related
The Mapping Process
Lessons Learned
Objective Based Requirements
DSS Potential Goals
Security Approach for Different Audiences
TIMELINE FOR DSS V4.0 ENGAGEMENT
Ways to Reduce Footprint
Apply what you have learned
RSAConference 2019
Taught by
RSA Conference
Related Courses
-
Cybersecurity Compliance Framework, Standards & Regulations
-
Cybersecurity Compliance Framework & System Administration
3.0 -
Are You Really PCI DSS Compliant - Case Studies of PCI DSS Failure
-
NIST Privacy Framework IRL - Use Cases from the Field
-
Ten Tenets of CISO Success
-
Cybersecurity for Real Life - Using the NIST Framework to Protect Your Critical Infrastructure
