Let's make compliance fun!


If you are like most information technology and information security professionals, the idea of becoming compliant with PCI DSS or countless other regulations doesn't sound fun. It's much more common to associate compliance efforts with pain. Whether it's the pain of not knowing what to do, pain of failing your first assessment, or pain of complying without any budget, there are plenty of challenges for anyone tasked with doing this well.

We faced a challenge, to write a fun, useful, and insightful book about PCI DSS. We are committed to the challenge! We’d like to invite you, our reader, to travel with us in the hopes that when you turn the last page, you would come to realize that PCI DSS compliance can indeed be fun!

We have an active community and website over at GitHub with links to all kinds of materials to help you along your journey. Check out our GitHub Repository that supports the book for links, discussions, our Discord Server, errata, and more!

Meet the Team


Avatar Team Member

Branden Williams

Author

Avatar Team Member

James K. Adamson

Author

Avatar Team Member

Yousef Hamade

Technical Editor

Order PCI Compliance, 5th Edition now!

Reviews


Want to know what industry experts say who have read our book? Here's just a few thoughts from people you can trust.

What's Inside


We've compiled a solid PCI DSS guide that is grounded in decades of cybersecurity and compliance experience. Our goal is to share stories, tips, and tricks from the field, and arm you with everything you need to get through PCI DSS. And maybe have a little bit of fun along the way.

Community

See our evolving guide with community discussions and tools to help you build a sustainable PCI program.

Case Studies

Stories of PCI DSS challenges help connect the technical dots with practical advice on compliance.

All Inclusive

We cover all aspects of PCI as it relates to small and large businesses from merchants to service providers.

Let's Talk PCI DSS


We're blogging about it! If you have ideas for posts, don't hesitate to reach out and let us know. But in the meantime, here's a selection of recent posts on PCI DSS.

Article Blog Image

PCI DSS 4.0.1 Update

Assessments

PCI DSS 4.0.1 is public as of June 11, 2024, about two years and three months after the initial release of PCI DSS 4.0. Minor updates like this after such a major overhaul is expected, especially as all of you get your hands on the documents and start using them in assessments.

Article Blog Image

iFrames and PCI DSS 4.0 (including SAQ A)

Assessments

PCI DSS compliance dates are fast approaching, and we are a little more than a year away from the SAQ A iFrame changes that many merchants and service providers will need to deal with. iFrames used to be the primary escape hatch that companies would use to avoid bringing vast parts of their websites into scope for PCI DSS, but this has now changed.

Article Blog Image

Get Ready for your PCI DSS 4.0 Gap Assessment

Assessments

It’s that time of the year (or at least it was) when we earnestly weigh pushing tasks to next year, with a focus on what might be coming across our task lists. And perhaps you are looking at that PCI DSS 4.0 gap assessment as something to get done prior to 2024 budgeting season.