The PCI Security Standards Council unveiled a summary of changes expected to appear in version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS), which will be published October 28, 2010. Finally, after years of waiting and certainly hundreds of conversations with stakeholders and the card brands, the PCI SSC has released the highlights of the long-anticipated PCI DSS 2.0.
According to the PCI Security Standards Council, the updated PCI standard, which will now be refreshed every three years instead of two, was based on hundreds of pieces of feedback. PCI DSS 2.0 incorporates a stronger emphasis on scoping sensitive data and a more risk-based approach for assessing vulnerabilities. Some believe, however, that the bigger news is not what is included in the revised standard, but what IS NOT included.
“I think the reaction to what’s missing is the most important part of this announcement because it will push the council to move faster on areas they have not yet,” Avivah Litan, vice president and distinguished analyst at Gartner, told SCMagazineUS.com. “A lot of fundamental questions are still unanswered.”
A summary of upcoming changes to the PCI DSS is available online at https://www.pcisecuritystandards.org/pdfs/summary_of_changes_highlights.pdf.
