August 19, 2008

Details in upcoming PCI DSS released

New changes in the Payment Card Industry Data Security Standard (PCI DSS) version 1.2 have been disclosed prior to its release in October.

According to a summary of the changes released by the PCI Security Standards Council (PCI), the modifications include clarifications and explanations of requirements to adhere to the guidelines of the council.

In a statement, the PCI said, “These clarifications will eliminate existing redundant sub-requirements while improving scoping and reporting requirements. When version 1.2 is released, incorporating existing best practices, supporting documents will also be updated and consolidated.”

According to a notice posted on the PCI website, “Version 1.2 of the PCI DSS is a revision to the standard that does not introduce any new requirements. Therefore, version 1.2 will become effective immediately upon public release, currently scheduled for [Oct. 1]. The sunset date for version 1.1 has not yet been determined, but will be at a minimum three months after the publication date.”

Bob Russo, general manager of the PCI Security Standards Council, said in a statement: “Version 1.2 should be seen as an improvement, not a departure from tried and true best security practices. By distributing a summary of the forthcoming changes, we are ensuring that stakeholders are not taken by surprise by any of the clarifications.”

Editorial

Threat of the month

Hacked court system website leads to 160k stolen SSNs

A special ebook from SC Magazine: Education

eSymposium: Privacy and security May 21

Details in upcoming PCI DSS released

Next Article in News

Judge denies five-month gag in transit hack case

SC Magazine Articles

More in News

Privacy-bolstering "Apps Act" introduced in House

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs