PCI-DSS Compliance


kathy.kam...@gmail.com

Sep 30, 2014, 6:12:11 PM
to big-xii-business-e...@googlegroups.com
FTE responsible for PCI-DSS compliance at your institution?
Total number of merchants managed?
Do you require external assessors to evaluate cardholder data environments and/or merchant compliance?
What are the actions being taken at your institution regarding DSS 3.0?

ehros...@gmail.com

Oct 13, 2014, 12:18:10 PM
to big-xii-business-e...@googlegroups.com, kathy.kam...@gmail.com
Univ of Texas at Austin

FTE responsible for PCI-DSS compliance at your institution?

It is a shared responsibility among 5 people but it is not equivalent to 1 FTE.

Total number of merchants managed?

157 MC/V merchant IDs; 104 AMEX merchant IDs; 120 DISCOVER merchant IDs

Do you require external assessors to evaluate cardholder data environments and/or merchant compliance?

Yes

What are the actions being taken at your institution regarding DSS 3.0?

We are in the process of preparing for a gap analysis by a qualified security assessor (QSA).

krist...@gmail.com

Oct 16, 2014, 12:33:27 PM
to big-xii-business-e...@googlegroups.com, kathy.kam...@gmail.com
Iowa State University

FTE: 1
# of Merchants: 82
External assessors: NO. Still level 4.
Work with internal ITS to make changes as necessary.

Katrina Yoakum

Oct 21, 2014, 1:38:25 PM
to big-xii-business-e...@googlegroups.com

University of Kansas:

  • FTE responsible for PCI-DSS compliance at your institution?

    KU has 9 staff members responsible for PCI-DSS compliance: 3 IT Security, 3 Enterprise Development, and 2 Comptroller’s Office staff.

  • Total number of merchants managed?

    59 merchants managed; 4 affiliates within ecommerce environment; 6 additional departments which utilize hosted applications

  • Do you require external assessors to evaluate cardholder data environments and/or merchant compliance?

    Yes

  • What are the actions being taken at your institution regarding DSS 3.0?

      • eCommerce Leadership Team is reviewing all 3.0 criteria

      • Reviewing all direct and redirect interfaces between applications

      • Quarterly scans expanded

      • Reviewing business processes

      • Assuring centralized security for ecommerce applications – designated servers

      • Updating training

Resource Contact:

Danita Robinson, Asst. Comptroller for Financial Accounting & Cash Control, dro...@ku.edu


fwillbrant

Oct 21, 2014, 6:09:04 PM
to big-xii-business-e...@googlegroups.com, kathy.kam...@gmail.com
Kansas State University Response

On Tuesday, September 30, 2014 5:12:11 PM UTC-5, kathy.kam...@gmail.com wrote:
FTE responsible for PCI-DSS compliance at your institution? Approximately 1.5 (however, this is spread over multiple people since we do not have a single person dedicated to this effort)
Total number of merchants managed? Approximately 50, mostly by department; some are very small.
Do you require external assessors to evaluate cardholder data environments and/or merchant compliance? No, doing internally. Using software tool from Coalfire for annual compliance SAQs. Coalfire was utilized for initial assessment.
What are the actions being taken at your institution regarding DSS 3.0? Still working on interpretations, but will need to work with the campus heavily over the next several months.