Complying With PCI DSS Requirement 6.6

In April 2008, PCI Security Standards Council (SSC) publically released a clarification on PCI DSS Requirement 6.6 and provided two possible options to use for business compliance. The compliance deadline for Requirement 6.6 remains on June 30th, 2008, and with released clarifications, companies now have enough information and options to develop a sound compliance strategy. This paper will examine the clarifications provided by PCI SSC and suggest the most effective and reliable ways to comply.