
PCI Compliance, 3rd Edition by Anton Chuvakin, Branden R. Williams


Chapter 13

Don’t Fear the Assessor

Information in this chapter:

• Remember, Assessors Are There to Help

• Dealing With Assessors’ Mistakes

• Planning for Remediation

• Planning for Reassessing

The title of this chapter might shock you a little bit. Why? Have you noticed that the words “audit” and “auditor” in reference to PCI DSS are conspicuously missing from this book? That’s because the correct terms are “assessment” and “assessor” when referring to PCI DSS. While your QSA may be a CPA, it is not a requirement, and most QSAs are not; instead, more come from the IT domain. The procedures an assessor uses to validate your compliance with PCI DSS are called the Security Assessment Procedures (not the Auditing Procedures). It’s amazing what the change ...
