Tag Archives: PCI DSS Feedback

PCI DSS Feedback 2012

The PCI Security Standards Council released a statement this morning outlining some of the highlights from the feedback period we just finished this year as part of the PCI DSS lifecycle. If you are going to be at the community meeting next week (or later in October for EU), I strongly suggest you attend the session on the feedback and potential proposed changes to the standard (if they have the ability to turn that around this quickly). Here are a couple of notes from my analysis (note some of the wording is similar to the press release, go read it): Scoping is still an issue. I think we all agree that at some point the framers of PCI DSS will ...


PCI DSS Feedback Period Begins TODAY

Remember all that stuff about a three-year life cycle? Well, it’s now officially phase 4, the beginning of the feedback period! What needs fixing in your opinion? What needs clarification? Theoretically, you should have had some time to investigate how the new version impacts your environment, and thought about implementation if not already validated against 2.0 this year. Unless your acquirer tells you otherwise, you will be validating against 2.0 next year. So far, the biggest complaints I have heard from stakeholders are the lack of cloud and mobility as well as confusion around scope. One of my issues (which I am unsure if the Council is willing to solve) is around the sampling methodology and risk assessment thresholds that ...

