How Carnegie Mellon Increased Its Security Posture and Confidence
As a global research university, Carnegie Mellon University (CMU) is a birthplace of innovation, pioneering solutions for the world. Welcoming students from over 100 countries, CMU takes protecting their sensitive data seriously. Changes to the Payment Card Industry Data Security Standard brought new challenges and requirements, so CMU’s PCI DSS Compliance Project Team found a security and compliance expert to lead compliance efforts and remediate data security risks.
“SecurityMetrics’ deep understanding of the PCI DSS requirements combined with their ability to apply the standards to our specific landscape built credibility with our campus stakeholders and allowed us to confidently report our compliance.”
Carnegie Mellon University
PCI DSS compliance project team
Defining cardholder data environment (CDE) scope was difficult because we work in a decentralized environment. Correctly identifying which people and systems impact the CDE was very important.
Our homegrown ecommerce system required us to report compliance at an SAQ D level. We wanted to be certain that we interpreted the applicable requirements correctly.
Because the Gap Assessor was a Qualified Security Assessor (QSA) who regularly performs PCI DSS audits, he had working knowledge and experience with testing the requirements. He worked with us to understand PCI requirements and the security concerns they address.
Our assessor had real-world IT understanding, allowing him to translate the requirements into our environment. He worked with us on all remediation efforts to ensure we were meeting the requirements.
His understanding of both the IT/PCI DSS requirements, as well as his QSA experience with other university clients, gave him credibility with both the IT staff and the business partners around campus.