PCI DSS and the "Top 20" Critical Security Controls


The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. An ongoing challenge is how to navigate the myriad source materials, identify the most salient and effective components of each document, and then use that information to build the most effective security program for your organization.

Comparing security frameworks yields strategic insights that help organizations:

  • Adjust their security programs and better address overall cyber security
  • Understand and communicate the value of security and regulatory compliance investments
  • Relate cyber security to business objectives

Tripwire offers this comparison of the Payment Card Industry Data Security Standard (PCI DSS) and the Council on CyberSecurity’s Critical Security Controls (CSC) to help you and your organization understand the benefits and value of each and take advantage of them.