The Payment Card Industry Data Security Standard (PCI DSS) and the National Institute of Standards and Technology's (NIST) Cybersecurity Framework share the common goal of enhancing data security. This session maps PCI DSS to the NIST Framework and discusses how to align security efforts to meet the objectives of both PCI DSS and the NIST Framework.
PCI DSS is focused on the unique security threats and risks present in the payments industry.
The NIST Framework provides an overarching security and risk-management structure with security Functions, Categories, and Subcategories of actions. These Subcategories reference globally recognized standards for cybersecurity.
Both PCI DSS and the NIST Framework are solid security approaches that address common security goals and principles as relevant to specific risks.
We will discuss how the NIST Framework identifies general security outcomes and activities, and how PCI DSS provides specific direction and guidance on how to meet security outcomes for payment environments.
This session will also discuss attribute-based access control (ABAC), a logical access control methodology in which authorization to perform a set of operations is determined by evaluating attributes associated with the subject, the object, the requested operations and, in some cases, environmental conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. The session also provides considerations for using ABAC to improve information sharing within organizations and between organizations while maintaining control of that information.
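As an added illustration of the ABAC evaluation described above (constructed example code, not material from the session): a minimal policy decision point that checks subject, object, action and environment attributes against a set of rules, with deny-overrides and default deny. The attribute names, roles, data classes and network labels are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

# Constructed ABAC policy decision point. A rule is a predicate over the four
# attribute sets named in the ABAC definition: subject, object, action, environment.
Attrs = Dict[str, Any]
Rule = Callable[[Attrs, Attrs, str, Attrs], bool]


@dataclass
class Policy:
    rules: List[Rule] = field(default_factory=list)

    def decide(self, subject: Attrs, obj: Attrs, action: str, env: Attrs) -> bool:
        # Default deny: an empty policy or any failing rule denies access.
        return bool(self.rules) and all(r(subject, obj, action, env) for r in self.rules)


# Hypothetical rules governing access to records tagged as cardholder data.
def need_to_know(subject, obj, action, env):
    # Only roles with a business need may touch the object's data class.
    allowed = {"cardholder_data": {"payments_analyst", "fraud_investigator"}}
    return subject.get("role") in allowed.get(obj.get("data_class"), set())


def clearance_matches(subject, obj, action, env):
    return subject.get("clearance", 0) >= obj.get("sensitivity", 0)


def trusted_environment(subject, obj, action, env):
    # Environmental condition: MFA completed and request originates inside the CDE.
    return env.get("mfa") is True and env.get("network") == "cde"


def action_permitted(subject, obj, action, env):
    # Writes are restricted more tightly than reads.
    if action == "write":
        return "data_owner" in subject.get("groups", [])
    return action == "read"


POLICY = Policy([need_to_know, clearance_matches, trusted_environment, action_permitted])


def can_access(subject: Attrs, obj: Attrs, action: str, env: Attrs) -> bool:
    return POLICY.decide(subject, obj, action, env)


# Constructed sample request: an analyst reading a PAN record from inside the CDE.
ANALYST = {"role": "payments_analyst", "clearance": 3, "groups": ["finance"]}
PAN_RECORD = {"data_class": "cardholder_data", "sensitivity": 3}
INSIDE = {"mfa": True, "network": "cde"}
OUTSIDE = {"mfa": True, "network": "guest_wifi"}

if __name__ == "__main__":
    print(can_access(ANALYST, PAN_RECORD, "read", INSIDE))   # True
    print(can_access(ANALYST, PAN_RECORD, "read", OUTSIDE))  # False
    print(can_access(ANALYST, PAN_RECORD, "write", INSIDE))  # False
```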