So, you saw the PCI 1.2 announcement? standard
Is anyone else still just wondering what exactly this means for your business? The summary does definitely answer a few questions, but I am wondering if someone was pressuring the council to release something, ANYTHING, about the new revision. One thing that concerns me as a QSA is the amount of variance that will be introduced in the interpretation of some of the clarifications. For example, right off the bat we see the opportunity for interpretation in the clarification under Requirement 1: Added flexibility in the time frame for review of firewall rules, from quarterly to every 6 months, based on Participating Organization feedback. Now the control can be better customized to the organization’s risk management policies. On the surface, ...
Continue Reading