Thursday, August 12, 2010

No New Requirements in PCI DSS Update

The new version of the Payment Card Industry Data Security Standard (PCI DSS) includes no new requirements, just clarifications and new guidance on existing components.

The PCI Security Standards Council has released a summary of the expected changes to PCI DSS and the Payment Application Data Security Standard.

Among the clarifications to PCI: the DSS now reinforces the need for merchants to use a "discovery methodology" to find cardholder data in their networks; the PA-DSS now includes centralized logging; and organizations will be able to consider specific risks that apply to them when assessing and prioritizing vulnerabilities. 

In addition, all three PCI Standards (PCI DSS, PA-DSS and PTS requirements) will operate on a three year lifecycle.


A more detailed summary of the proposed versions 2.0 of PCI DSS and PA DSS will be released in September, prior to the council's community meetings. The final version of the amended standards is expected to be released on Oct. 28, then go into effect on Jan. 11, 2011.

See companion post: PCI Standards: Room for Improvement

No comments:

Web Analytics