The PCI Security Standards Council (PCI SSC) published documentation
highlighting the expected changes to be introduced with version 2.0 of
the PCI DSS and PA-DSS in October 2010.

Version 2.0 of PCI DSS and version 2.0 of PA-DSS do not introduce any
new major requirements. Key updates, clarifications and guidance
include:

    * Reinforcement of the need for a thorough scoping exercise prior
      to a PCI DSS assessment in order to understand where cardholder
      data resides
    * Support for centralized logging included in PA-DSS to promote
      more effective log management
    * Validation, within certain requirements, of a risk-based approach
      for addressing vulnerabilities, allowing organizations to consider
      their specific business circumstances and tolerance to risk when
      assessing and prioritizing vulnerabilities
    * Greater alignment between PCI DSS and PA-DSS to facilitate
      stronger security practices.

“The relatively minor revisions are a testament to the maturity of the
standards and their ability to protect sensitive card data,” said Bob
Russo, general manager, PCI Security Standards Council. “With the
changes to the PCI DSS and PA-DSS outlined in advance, organizations
will be better prepared to align their security programs with the
updated standards and ensure security of their cardholder data.”

@http://www.net-security.org
