{"id":7897,"date":"2022-12-16T11:36:08","date_gmt":"2022-12-16T19:36:08","guid":{"rendered":"https:\/\/cheapsslsecurity.com\/blog\/?p=7897"},"modified":"2022-12-16T11:36:10","modified_gmt":"2022-12-16T19:36:10","slug":"overview-pci-dss-requirements-v4-0","status":"publish","type":"post","link":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/","title":{"rendered":"A 6-Minute Overview of the PCI DSS Requirements [For PCI DSS v.4.0]"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">In the U.S., the costs of fraud for ecommerce and retail companies have shot up, reaching <a href=\"https:\/\/risk.lexisnexis.com\/insights-resources\/research\/us-ca-true-cost-of-fraud-study\">$3.75 for each $1<\/a> of fraud including credit card data. It\u2019s one example of why businesses need to abide by Payment Card Industry Data Security Standards \u2014 and here\u2019s an overview of the PCI DSS requirements you need to meet to do so\u2026<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">With <a href=\"https:\/\/www.oreilly.com\/pub\/pr\/3333\">90% of organizations<\/a> interviewed by O\u2019Reilly in 2021 using cloud computing and the fast-evolving security threats in the digital world, the now four years old <a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-pci-dss-meaning-overview\/\">Payment Card Industry Data Security Standards<\/a> (PCI DSS) v3.2.1 needed a revamp. The new version (<a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/PCI-DSS-v4_0.pdf\">PCI DSS v4.0<\/a>), which was published in March 2022, includes massive changes for all organizations handling card payment data in some way. (What we mean by that is that they store, process, or transmit the data.)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">No panic! You have until March 31, 2024, to implement the required changes. But as the early bird catches the worm, we&#8217;ll give you a jump start. To make your life easier we&#8217;ve put together a high-level, 6-minute overview of the most important new PCI DSS requirements.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019ll enable you to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Understand what the changes mean to your organization.<\/li>\n\n\n\n<li>Give you a rough idea of the time you need to complete the transition from v3.2.1 to v4.0.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">C\u2019mon, grab a coffee and start to familiarize yourself with the new policies now.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Cybercriminals and their attacks are evolving, but they aren\u2019t the only ones. The Payment Card Industry Data Security Standards (PCI DSS) are, too! Find out what\u2019s new in the latest PCI DSS requirements for version 4.0. Discover the latest key changes in PCI DSS v4.0 that\u2019ll help you better secure your customers\u2019 sensitive financial data and thwart cybercriminals\u2019 efforts.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Are the Key New PCI DSS Requirements For v.4.0?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The <a href=\"https:\/\/www.pcisecuritystandards.org\/\">Payment Card Industry Security Standards Council<\/a> (PCI SSC) introduced 64 changes and clarifications in the new DSS v4.0 document. These changes are intended to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Address the ever-evolving risks and threats to payment information,<\/li>\n\n\n\n<li>Promote security as a continuous process, and<\/li>\n\n\n\n<li>Make it easier for organizations to comply by allowing them to choose among different security technologies that better adapt to their business processes.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">We\u2019ve picked the most significant ones you\u2019ll need to know to ensure a smooth transition. But before we dive in, why don\u2019t you familiarize yourself with the \u201chistory\u201d of the PCI DSS with this entertaining short video?<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"PCI SSC: The Evolution of Payment Card Security Through the Ages\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/1boEXDVkKjU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>PCI DSS Requirements V.3.2.1<\/td><td>PCI DSS Requirements V.4.0<\/td><td>Example of What\u2019s Changed<\/td><\/tr><tr><td>1. Install and maintain a firewall configuration to protect cardholder data.<\/td><td>1. Install and maintain network security controls.<\/td><td>The term \u201cfirewall\u201d has been replaced by the broader \u201cnetwork security controls\u201d (NSCs), to include any technology used to control network traffic.<\/td><\/tr><tr><td>2. Do not use vendor-supplied defaults for system passwords and other security parameters.<\/td><td>2. Apply secure configurations to all system components. &nbsp;<\/td><td>The focus has switched from securing vendor default accounts and passwords to implementing secure configurations everywhere.<\/td><\/tr><tr><td>3. Protect stored cardholder data.<\/td><td>3. Protect stored account data. &nbsp;<\/td><td>Data protection and encryption must be extended to all account data.<\/td><\/tr><tr><td>4. Encrypt transmission of cardholder data across open, public networks.<\/td><td>4. Protect cardholder data with strong cryptography during transmission over open, public networks. &nbsp;<\/td><td><a href=\"https:\/\/csrc.nist.gov\/Projects\/Cryptographic-Standards-and-Guidelines\">Strong cryptography<\/a> and data encryption become the protagonists of this requirement.<\/td><\/tr><tr><td>5. Protect all systems against malware and regularly update anti-virus software or programs.<\/td><td>5. Protect all systems and networks from malicious software.<\/td><td>Malware protection is now extended to the organization\u2019s networks covering anything that might involve the cardholder data environment (CDE).<\/td><\/tr><tr><td>6.&nbsp; Develop and maintain secure systems and applications.<\/td><td>6. Develop and maintain secure systems and software &nbsp;<\/td><td>To reach compliance organizations will have to secure not only applications used to process or transmit payment data but all software included within the CDE.<\/td><\/tr><tr><td>7. Restrict access to cardholder data by business need to know.<\/td><td>7. Restrict access to system components and cardholder data by business need to know.<\/td><td>The key phrase here is <a href=\"https:\/\/owasp.org\/www-community\/Access_Control\">access control<\/a>. And it must cover every single system component.<\/td><\/tr><tr><td>8. Identify and authenticate access to system components.<\/td><td>8. Identify users and authenticate access to system components.<\/td><td>PCI DSS is introducing the idea that nobody is trusted (<a href=\"https:\/\/www.cloudflare.com\/learning\/security\/glossary\/what-is-zero-trust\/\">zero trust<\/a>).<\/td><\/tr><tr><td>9. Restrict physical access to cardholder data.<\/td><td>9. Restrict physical access to cardholder data.<\/td><td>As in the previous PCI DSS version, physical access protection is important.<\/td><\/tr><tr><td>10. Track and monitor all access to network resources and cardholder data.<\/td><td>10. Log and monitor all access to system components and cardholder data.<\/td><td>Log, monitor, and analyze accesses, but with the support of automation.<\/td><\/tr><tr><td>11. Regularly test security systems and processes.<\/td><td>11. Test the security of systems and networks regularly.<\/td><td>Define and document who does what regarding testing systems and networks.<\/td><\/tr><tr><td>12. Maintain a policy that addresses information security for all personnel.<\/td><td>12. Support information security with organizational policies and programs.<\/td><td>Everyone becomes responsible for the security of the organization&#8217;s payment data ecosystem.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">1. Install and Maintain Network Security Controls<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">As organizations increasingly rely on containers and cloud services, firewalls aren&#8217;t the only tools used to control and restrict network traffic. Therefore, the term &#8220;firewall&#8221; has been replaced by the broader &#8220;network security controls&#8221; (NSCs), which include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/security\/what-is-network-access-control-nac.html\">Access control<\/a> solutions (NAC),<\/li>\n\n\n\n<li><a href=\"https:\/\/www.g2.com\/categories\/antivirus\/enterprise\">Anti-virus<\/a>, anti-malware, and spyware,<\/li>\n\n\n\n<li><a href=\"https:\/\/auth0.com\/docs\/get-started\/identity-fundamentals\/authentication-and-authorization\">Authentication and authorization<\/a> policies,<\/li>\n\n\n\n<li><a href=\"https:\/\/www.vmware.com\/topics\/glossary\/content\/network-virtualization.html\">Virtualization\/containers<\/a>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. Apply Secure Configurations to All System Components<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>Until now, were you only removing default usernames and passwords? That isn&#8217;t enough anymore. The focus has now switched from securing vendor default accounts and passwords to implementing secure configurations everywhere. With the new PCI DSS requirements, for example, you&#8217;ll need to take things a few steps further:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Delete unused software, features, and accounts.<\/li>\n\n\n\n<li>Remove or disable unnecessary services.<\/li>\n\n\n\n<li>Document secure configurations and have a <a href=\"https:\/\/www.atlassian.com\/microservices\/microservices-architecture\/configuration-management\">configuration management process<\/a> in place.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. Protect Stored Account Data<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">One of the most notable changes applies to the data itself. Data protection and encryption must be now extended to include all account data, not only cardholder data. This will include things like:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Email encryption using <a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-s-mime-what-it-is-why-you-need-it\/\">S\/MIME certificates<\/a> (i.e., email signing certificates).<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"1006\" height=\"579\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/how-smime-prevents-email-snooping.png\" alt=\"PCI DSS requirements graphic: An illustration that shows how using an S\/MIME email signing and encryption certificate can help keep cybercriminals from snooping around emails that contain sensitive cardholder data\" class=\"wp-image-7900\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/how-smime-prevents-email-snooping.png 1006w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/how-smime-prevents-email-snooping-300x173.png 300w\" sizes=\"(max-width: 1006px) 100vw, 1006px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: The graphic shows how email signing certificates ensure that your messages (including those containing credit cardholder data) remain private<\/em>.<\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Encryption and immediate removal of sensitive authentication data (SAD) \u2013 e.g., the card security code and PIN \u2014 after the transaction has been completed.<\/li>\n\n\n\n<li>All <a href=\"https:\/\/www.investopedia.com\/terms\/p\/primary-account-number-pan.asp\">primary account numbers<\/a> (PAN) will have to be entirely encrypted by a <a href=\"https:\/\/csrc.nist.gov\/glossary\/term\/keyed_hash_algorithm\">keyed cryptographic hashed algorithm<\/a> (i.e., based on a secret key) to ensure data authenticity and integrity.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4. Protect Cardholder Data With Strong Cryptography During Transmission Over Open, Public Networks<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">With the cost of data breaches <a href=\"https:\/\/www.ibm.com\/reports\/data-breach\">skyrocketing<\/a>, <a href=\"https:\/\/csrc.nist.gov\/Projects\/Cryptographic-Standards-and-Guidelines\">strong cryptography<\/a> and data encryption have become the protagonists of this requirement. Join that <a href=\"https:\/\/www.entrust.com\/-\/media\/documentation\/reports\/2021-global-encryption-trends-exec-summary-re.pdf?la=en&amp;hash=6CEA2EF81E5E3323F7BBB35AA24241DB\">55% of technology and software companies<\/a> that were already using encryption in 2021. But why is encryption necessary for securing data over the internet? Because it\u2019s an insecure public network that otherwise leaves your information vulnerable to interception and theft. That\u2019s why the adoption of encryption has been steadily increasing with <a href=\"https:\/\/www.entrust.com\/-\/media\/documentation\/reports\/2021-global-encryption-trends-exec-summary-re.pdf?la=en&amp;hash=6CEA2EF81E5E3323F7BBB35AA24241DB\">55% of technology and software companies<\/a> already using it in 2020.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Authenticate your server using an <a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-a-website-security-certificate\/\">SSL\/TLS certificate<\/a> to encrypt and secure your data transmissions. Now you can say goodbye to <a href=\"https:\/\/cheapsslsecurity.com\/blog\/types-of-man-in-the-middle-attacks\/\">man-in-the-middle attacks<\/a>. Want to know how it works? Check out the video below:<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"SSL Certificate Explained\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/SJJmoDZ3il8?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure that the digital certificates you use to transmit cardholder data over the network aren\u2019t <a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-does-security-certificate-expired-mean\/\">expired or revoked<\/a>. If they are, then you might as well hand your customers\u2019 account data to bad guys on a silver platter for all the good that using an expired or revoked certificate will do for you\u2026 &nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"997\" height=\"579\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/how-cybercriminals-exploit-expired-code-signing-certificates.png\" alt=\"\" class=\"wp-image-7901\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/how-cybercriminals-exploit-expired-code-signing-certificates.png 997w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/how-cybercriminals-exploit-expired-code-signing-certificates-300x174.png 300w\" sizes=\"(max-width: 997px) 100vw, 997px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: This is how attackers can exploit expired code signing certificates to gain access to your cardholder&#8217;s data.<\/em><\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Implement a <a href=\"https:\/\/cheapsslsecurity.com\/blog\/the-7-ultimate-ssl-certificate-tools-for-effortless-ssl-management\/\">certificate and key management process<\/a>. It&#8217;ll help you avoid being part of <a href=\"https:\/\/www.keyfactor.com\/state-of-machine-identity-management-2022\/\">80% of organizations<\/a> that faced multiple outages due to expired certificates in 2021.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5. Protect All Systems and Networks From Malicious Software<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The number of detected <a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-phishing-a-3-minute-phishing-definition-explanation\/\">phishing<\/a> attacks <a href=\"https:\/\/www.slashnext.com\/blog\/state-of-phishing-report-reveals-more-than-255-million-attacks-in-2022\/\">jumped<\/a><a href=\"https:\/\/www.slashnext.com\/blog\/state-of-phishing-report-reveals-more-than-255-million-attacks-in-2022\/\"><\/a><a href=\"https:\/\/www.slashnext.com\/blog\/state-of-phishing-report-reveals-more-than-255-million-attacks-in-2022\/\"> to 225 million<\/a> in the last six months of 2022. That\u2019s a marked increase of 61% increase compared to 2021. This may be part of the reason why PCI DSS v4.0 extended malware protection to the organization\u2019s networks, covering anything that might involve the cardholder data environment (CDE). But what does this mean for you?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Always redirect your website traffic to use the more secure <a href=\"https:\/\/cheapsslsecurity.com\/blog\/your-guide-to-https-port-443-and-why-its-critical-to-security\/\">port 443<\/a> (i.e., enable the secure HTTPS protocol).<\/li>\n\n\n\n<li>Train your users to detect and <a href=\"https:\/\/cheapsslsecurity.com\/blog\/how-to-recognize-and-avoid-common-phishing-scams\/\">recognize phishing<\/a> and <a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-voice-phishing-vishing-definition-meaning\/\">vishing<\/a> attacks.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"575\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/pci-dss-data-vishing-example-1024x575.png\" alt=\"PCI DSS requirements graphic: An illustration that shows how a cybercriminal can use phishing tactics via phone (voice phishing or vishing) to trick employees into handing over sensitive cardholder data\" class=\"wp-image-7902\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/pci-dss-data-vishing-example-1024x575.png 1024w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/pci-dss-data-vishing-example-300x168.png 300w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/pci-dss-data-vishing-example.png 1044w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: This is how cybercriminals can use voice phishing (vishing) tactics on an employee to steal a company&#8217;s cardholder data.<\/em><\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Regularly perform malware scans with <a href=\"https:\/\/www.g2.com\/search?utf8=\u2713&amp;query=malware\">anti-malware<\/a> and <a href=\"https:\/\/www.capterra.com\/network-security-software\/\">network security<\/a> software.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6. Develop and Maintain Secure Systems and Software<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">To reach compliance, organizations will have to secure not only applications used to process or transmit payment data but also all software included within the CDE. Does it mean that an organization&#8217;s website and its entire authentication system will also have to be secure? Yup! That&#8217;s exactly the idea.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Implement a <a href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/glossary\/web-application-firewall-waf\/\">web application firewall<\/a> (WAF) to protect all customer-facing applications from attacks like <a href=\"https:\/\/owasp.org\/www-community\/attacks\/xss\/\">cross-site scripting<\/a> (XSS), <a href=\"https:\/\/www.simplilearn.com\/tutorials\/cyber-security-tutorial\/what-is-sql-injection\">SQL injection<\/a> and <a href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/what-is-a-ddos-attack\/\">DDoS<\/a> attacks.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"988\" height=\"570\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/xss-steal-pci-data.png\" alt=\"PCI DSS requirements graphic: An illustration of how cybercriminals can use cross-scripting attacks to steal cardholder data \" class=\"wp-image-7903\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/xss-steal-pci-data.png 988w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/xss-steal-pci-data-300x173.png 300w\" sizes=\"(max-width: 988px) 100vw, 988px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: With XSS attacks cybercriminals can get hold of cardholder data.<\/em><\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Critical and high-security patches must be installed no later than one month after their releases.<\/li>\n\n\n\n<li>List all your custom-developed and third-party software. Make a list of all their \u201cingredients\u201d (i.e., all components, libraries and modules used to build each piece of software) using a <a href=\"https:\/\/ntia.gov\/page\/software-bill-materials\">software bill of materials<\/a> (SBOM).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7. Restrict Access to System Components and Cardholder Data by Business Need to Know<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The key phrase here is <a href=\"https:\/\/owasp.org\/www-community\/Access_Control\">access control<\/a>. And it must cover every system component. What are some of the new requirements?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Systematically review user accounts and access permissions.<\/li>\n\n\n\n<li>Roles and responsibilities must be documented and understood by every user (e.g., who can access what). Did I mention that this new point has been added to all 12 requirements?<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8. Identify Users and Authenticate Access to System Components<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">By looking at the newly added requirements, it seems that PCI DSS is introducing the idea that nobody is trusted (<a href=\"https:\/\/www.cloudflare.com\/learning\/security\/glossary\/what-is-zero-trust\/\">zero trust<\/a>). Are you still allowing eight or seven-character-length passwords? Beware! Their time is gone. There&#8217;s also a deeper focus on the National Institute of Standards and Technology NIST <a href=\"https:\/\/pages.nist.gov\/800-63-3\/sp800-63b.html\">password guidance<\/a> and multi-factor authentication (MFA). Below are a few examples:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Don\u2019t allow passwords with less than seven alphanumeric characters. Important: this will remain a best practice only till March 2025. After that, it\u2019ll be a minimum of 12 characters.<\/li>\n\n\n\n<li>Lock accounts with more than 10 failed login attempts.<\/li>\n\n\n\n<li>Implement MFA for all users and admins, including remote access.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"What is MFA? | Identity 101\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/irtfBV9zd5M?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">9. Restrict Physical Access to Cardholder Data<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Why should you go through all this hassle to digitally protect your cardholder data when everybody in the company has free access to your data center? As in the previous PCI DSS version, physical access protection is important.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Media containing cardholder data must be securely locked up when not in use.<\/li>\n\n\n\n<li>Systematically perform a targeted <a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-30\/rev-1\/final\">risk analysis<\/a> to ensure that no <a href=\"https:\/\/listings.pcisecuritystandards.org\/assessors_and_solutions\/pin_transaction_devices?agree=true\">point of interaction<\/a> (POI) device (the payment device [e.g., POS]) has been tampered with.<\/li>\n\n\n\n<li>Define the frequency of inspection based on the risk analysis results.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10. Log and Monitor All Access to System Components and Cardholder Data<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Log, monitor, and analyze accesses, but with the support of automation. On top of that for example you&#8217;ll have to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Perform automated audit logs review. Can&#8217;t afford to spend too much money on it? Some <a href=\"https:\/\/opensource.com\/article\/19\/4\/log-analysis-tools\">open-source alternatives<\/a> can help you.<\/li>\n\n\n\n<li>Run a risk analysis to define how often logs will have to be reviewed.<\/li>\n\n\n\n<li>Implement a control and alert system for critical components by end of March 2025. Log parsing tools like <a href=\"https:\/\/www.elastic.co\/kibana\/\">Kibana<\/a> or <a href=\"https:\/\/grafana.com\/\">Grafana<\/a> offer these kinds of features and more.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11. Test the Security of Systems and Networks Regularly<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Define and document who does what regarding testing systems and networks. Good news: all other new requirements under this point will be considered best practices only until the end of March 2025.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Internal vulnerability scans will have to be performed as a logged-in user (i.e., <a href=\"https:\/\/www.techtarget.com\/whatis\/definition\/authenticated-security-scan\">authenticated scanning<\/a>). This means that black box (unauthenticated) pentestings won\u2019t be enough anymore.<\/li>\n\n\n\n<li>Implement detection and alert mechanisms to identify <a href=\"https:\/\/crashtest-security.com\/invalid-host-header\/\">unauthorized modifications of HTTPS headers<\/a> or customer payment forms. Do you remember <a href=\"https:\/\/www.wallarm.com\/what\/what-is-magecart-attack-how-to-prevent-it\">Magecart attack<\/a>? As this kind of malware is <a href=\"https:\/\/sansec.io\/research\/trojanorder-magento\">still alive and kicking<\/a>, adding some extra protection won\u2019t hurt.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12. Support Information Security With Organizational Policies and Programs<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">With the advent of PCI DSS v.4.0, everybody in the organization is invited to the information security party. Yup! Everyone becomes responsible for the security of the organization&#8217;s payment data ecosystem. And there&#8217;s more:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Assess all hardware and software used within the organization at least once a year.<\/li>\n\n\n\n<li>To <a href=\"https:\/\/www.nist.gov\/news-events\/news\/2022\/07\/nist-announces-first-four-quantum-resistant-cryptographic-algorithms\">keep up with changes<\/a> encryption algorithms used must be reviewed every 12 months. Are you still using the deprecated <a href=\"https:\/\/csrc.nist.gov\/News\/2017\/Research-Results-on-SHA-1-Collisions\">SHA-1 algorithm<\/a>? Replace it with the more secure <a href=\"https:\/\/csrc.nist.gov\/Projects\/Hash-Functions\/NIST-Policy-on-Hash-Functions\">SHA-256<\/a>.&nbsp;<\/li>\n\n\n\n<li>All employees should attend a reviewed awareness security training at least once a year.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">That\u2019s it! This is our quick overview of the key changes brought by version 4.0 to the PCI DSS requirements. As you can see there\u2019s something for every single employee of companies handling cardholder data. Want to know more? Don\u2019t miss the <a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/PCI-DSS-v3-2-1-to-v4-0-Summary-of-Changes-r1.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">PCI DSS comparative document<\/a> showing the changes between v3.2.1 and v.4.0 in more detail.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts About A 6-Minute Overview of the PCI DSS Requirements<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">It&#8217;s important to note that these are just a few of the changes from the previous PCI DSS requirements. There are others, but we won&#8217;t go into all of them individually in this article. We know it can look overwhelming at first, but implementing PCI DSS v4.0 will enable you to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Successfully address new threats to payment card data,<\/li>\n\n\n\n<li>Manage security as a continuous process, and<\/li>\n\n\n\n<li>Give you that much-needed flexibility (e.g., the possibility to choose between different approaches and how often to perform certain activities) to achieve data security and compliance.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Now that you know what&#8217;s changing, filling the gaps is going to be much easier. Start the new year with a bang and put your organization ahead of the pack with a transition plan. Get ready for the switch!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the U.S., the costs of fraud for ecommerce and retail companies have shot up, reaching $3.75 for each $1 of fraud including credit card data. It\u2019s one example of why businesses need to abide by Payment Card Industry Data Security Standards \u2014 and here\u2019s an overview of the PCI DSS requirements you need to<\/p>\n","protected":false},"author":8,"featured_media":7908,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[417],"tags":[782,803],"class_list":["post-7897","post","type-post","status-publish","format-standard","has-post-thumbnail","category-cybersecurity","tag-pci-dss","tag-pci-dss-requirements"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A 6-Minute Overview of the PCI DSS Requirements [For PCI DSS v.4.0]<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A 6-Minute Overview of the PCI DSS Requirements [For PCI DSS v.4.0]\" \/>\n<meta property=\"og:description\" content=\"In the U.S., the costs of fraud for ecommerce and retail companies have shot up, reaching $3.75 for each $1 of fraud including credit card data. It\u2019s one example of why businesses need to abide by Payment Card Industry Data Security Standards \u2014 and here\u2019s an overview of the PCI DSS requirements you need to\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/\" \/>\n<meta property=\"og:site_name\" content=\"Savvy Security\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cheapsslsecurities\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-16T19:36:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-16T19:36:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/pci-dss-requirements-v4.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Savvy Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sslsecurity\" \/>\n<meta name=\"twitter:site\" content=\"@sslsecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Savvy Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/\"},\"author\":{\"name\":\"Savvy Security\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\"},\"headline\":\"A 6-Minute Overview of the PCI DSS Requirements [For PCI DSS v.4.0]\",\"datePublished\":\"2022-12-16T19:36:08+00:00\",\"dateModified\":\"2022-12-16T19:36:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/\"},\"wordCount\":2380,\"image\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/pci-dss-requirements-v4.jpg\",\"keywords\":[\"PCI DSS\",\"PCI DSS Requirements\"],\"articleSection\":[\"SMB Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/\",\"name\":\"A 6-Minute Overview of the PCI DSS Requirements [For PCI DSS v.4.0]\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/pci-dss-requirements-v4.jpg\",\"datePublished\":\"2022-12-16T19:36:08+00:00\",\"dateModified\":\"2022-12-16T19:36:10+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/pci-dss-requirements-v4.jpg\",\"contentUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/pci-dss-requirements-v4.jpg\",\"width\":1600,\"height\":1000},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/overview-pci-dss-requirements-v4-0\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A 6-Minute Overview of the PCI DSS Requirements [For PCI DSS v.4.0]\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/\",\"name\":\"Savvy Security\",\"description\":\"Practical cybersecurity advice\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\",\"name\":\"Savvy Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"caption\":\"Savvy Security\"},\"description\":\"Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24\\\/7 security teams.\",\"sameAs\":[\"blogadmin\"],\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/author\\\/blogadmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A 6-Minute Overview of the PCI DSS Requirements [For PCI DSS v.4.0]","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/","og_locale":"en_US","og_type":"article","og_title":"A 6-Minute Overview of the PCI DSS Requirements [For PCI DSS v.4.0]","og_description":"In the U.S., the costs of fraud for ecommerce and retail companies have shot up, reaching $3.75 for each $1 of fraud including credit card data. It\u2019s one example of why businesses need to abide by Payment Card Industry Data Security Standards \u2014 and here\u2019s an overview of the PCI DSS requirements you need to","og_url":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/","og_site_name":"Savvy Security","article_publisher":"https:\/\/www.facebook.com\/cheapsslsecurities","article_published_time":"2022-12-16T19:36:08+00:00","article_modified_time":"2022-12-16T19:36:10+00:00","og_image":[{"width":1600,"height":1000,"url":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/pci-dss-requirements-v4.jpg","type":"image\/jpeg"}],"author":"Savvy Security","twitter_card":"summary_large_image","twitter_creator":"@sslsecurity","twitter_site":"@sslsecurity","twitter_misc":{"Written by":"Savvy Security","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/#article","isPartOf":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/"},"author":{"name":"Savvy Security","@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493"},"headline":"A 6-Minute Overview of the PCI DSS Requirements [For PCI DSS v.4.0]","datePublished":"2022-12-16T19:36:08+00:00","dateModified":"2022-12-16T19:36:10+00:00","mainEntityOfPage":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/"},"wordCount":2380,"image":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/#primaryimage"},"thumbnailUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/pci-dss-requirements-v4.jpg","keywords":["PCI DSS","PCI DSS Requirements"],"articleSection":["SMB Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/","url":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/","name":"A 6-Minute Overview of the PCI DSS Requirements [For PCI DSS v.4.0]","isPartOf":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/#primaryimage"},"image":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/#primaryimage"},"thumbnailUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/pci-dss-requirements-v4.jpg","datePublished":"2022-12-16T19:36:08+00:00","dateModified":"2022-12-16T19:36:10+00:00","author":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493"},"breadcrumb":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/#primaryimage","url":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/pci-dss-requirements-v4.jpg","contentUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2022\/12\/pci-dss-requirements-v4.jpg","width":1600,"height":1000},{"@type":"BreadcrumbList","@id":"https:\/\/cheapsslsecurity.com\/blog\/overview-pci-dss-requirements-v4-0\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cheapsslsecurity.com\/blog\/"},{"@type":"ListItem","position":2,"name":"A 6-Minute Overview of the PCI DSS Requirements [For PCI DSS v.4.0]"}]},{"@type":"WebSite","@id":"https:\/\/cheapsslsecurity.com\/blog\/#website","url":"https:\/\/cheapsslsecurity.com\/blog\/","name":"Savvy Security","description":"Practical cybersecurity advice","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cheapsslsecurity.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493","name":"Savvy Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","caption":"Savvy Security"},"description":"Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24\/7 security teams.","sameAs":["blogadmin"],"url":"https:\/\/cheapsslsecurity.com\/blog\/author\/blogadmin\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts\/7897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/comments?post=7897"}],"version-history":[{"count":0,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts\/7897\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/media\/7908"}],"wp:attachment":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/media?parent=7897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/categories?post=7897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/tags?post=7897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}