While the official release does not happen until two weeks from today, many key stakeholders now have a copy of the pre-release version. What can you expect?
You can expect THIS blogger to honor his NDA!
Seriously though, are you ready? Version 1.1 has been around for over two years now (birthday was September 7, 2006), and by now you should have been able to validate as compliant to that version of the standard. If you are still struggling with 1.1, there is good news along with the bad.
The bad news is that in some cases your remediation targets may have shifted slightly in one direction. This will apply to you if you have been doing the absolute bare minimum to comply. VeriSign advises our customers to use PCI as a baseline, and pick certain areas to exceed in so that minor adjustments to the standard will not affect you. I’m pleased to say that our recommendations have been on track.
The good news is that some requirements have been altered to more closely match existing risk management procedures. The bad news here is that there is some room for interpretation (as always), which may once again cause some QSAs consternation.
Sorry, I meant to say, cause some QSAs' customers consternation.
For those of you heading to the PCI Community Meeting in Orlando next week, please stop by our booth! We’ll have a few leaders in our PCI consulting practice available to chat with you!