Article evaluation on Payment Card Industry Data Security Standard


This article is a well-written, comprehensive summary of the Payment Card Industry Data Security Standard (PCI DSS). It first provides a history of how the standard has become the version it is today, and it then discusses the 12 sections of the requirements from a high-level perspective. It goes on to discuss the supplemental information that comes with PCI DSS, as well as its assessment and compliance.

While everything in this article is relevant to the topic, one section that talks about WLAN is somewhat distracting for me. I am not sure why it all of a sudden starts to talk about wireless local area networks in specific detail. I am sure WLAN is an important area in the PCI requirements, but so are others such as system hardening, patching, password management, access control, etc. Why did the author talk about WLAN in particular? Unless there is a reason that explains why it is worth an entire section of this article, it should be deleted, as it is obviously over-represented.

Despite my concerns regarding the WLAN section, the article overall is neutral and the references are well updated. PCI DSS just had a major update this year in May, so I am glad to see changes in content and references reflecting the update. The references are also from accredited sources such as the official PCI Security Standards Council, which wrote PCI DSS, and some other online posts. However, I did notice that 1/3 of the references are from one source, Cryptomathic. I think the reference pool needs to be more diversified to avoid bias in future.