Date Added: Oct 2012
Many organizations pass a PCI DSS audit but still find themselves in the news after suffering a security breach. Part of the issue may be that their configuration settings complied with those specified in the PCI DSS, but only at a single point in time. What happens once the audit is over and changes to computer system configurations take those systems out of compliance? The true intent of the PCI DSS is not for organizations to be compliant at a single point in time, but to maintain a compliant state over time, in the face of the inevitable changes that occur to in-scope systems.