Compliance Management, Security Strategy, Plan, Budget

Details in upcoming PCI DSS released

New changes in the Payment Card Industry Data Security Standard (PCI DSS) version 1.2 have been disclosed prior to its release in October.

According to a summary of the changes released by the PCI Security Standards Council (PCI), the modifications include clarifications and explanations of requirements to adhere to the guidelines of the council.

In a statement, the PCI said, “These clarifications will eliminate existing redundant sub-requirements while improving scoping and reporting requirements. When version 1.2 is released, incorporating existing best practices, supporting documents will also be updated and consolidated.”

According to a notice posted on the PCI website, “Version 1.2 of the PCI DSS is a revision to the standard that does not introduce any new requirements. Therefore, version 1.2 will become effective immediately upon public release, currently scheduled for [Oct. 1]. The sunset date for version 1.1 has not yet been determined, but will be at a minimum three months after the publication date.”

Bob Russo, general manager of the PCI Security Standards Council, said in a statement: “Version 1.2 should be seen as an improvement, not a departure from tried and true best security practices. By distributing a summary of the forthcoming changes, we are ensuring that stakeholders are not taken by surprise by any of the clarifications.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.