Brian Pennington

A blog about Cyber Security & Compliance

Tag: 2 Factor Authentication

2018 changes to PCI DSS v3.2

Several PCI DSS v3.2 requirements that have been "best practice" until now become mandatory on 1 February 2018 (that's just five months from now!).

Here is a list of some of the changes that will come into effect:

3.5.1: Full documentation of all cryptographic architecture (service providers only)

6.4.6:  Change management processes that include verification of any PCI DSS impact for changes to systems or networks

8.3.x:  Multi-factor authentication (MFA) for all non-console administrative access into the CDE (8.3.1), in addition to the existing requirement for MFA on all remote access originating from outside the entity's network (8.3.2). This requirement has been the subject of much discussion, and we expect many entities to require remediation.

10.8:   Timely detection and reporting of failures of critical security control systems (e.g. firewalls, IDS/IPS, FIM, anti-virus, logging), with a documented response process (service providers only)

11.3.4.1: Where segmentation is used to isolate the CDE, penetration testing that validates the segmentation controls must now be performed at least every six months, as well as after any change to segmentation controls or methods (service providers only)

12.4.1: Executive management must establish PCI responsibilities and compliance program management (service providers only)

12.11.x: Reviews at least quarterly to confirm that personnel are following security policies and operational procedures, with results documented and signed off by the personnel responsible for the compliance programme (service providers only)

PCI-DSS and PA-DSS Version 3.0 – the full highlights and changes

Brian Pennington

The PCI SSC considered many things when drafting Version 3.0 of the PCI DSS and PA DSS standards including:

  • What will improve payment security?
  • Global applicability and local market concerns
  • Appropriate sunset dates for other standards or requirements
  • Cost/benefit of changes to infrastructure
  • Cumulative impact of any changes

The nature of the changes reflects the growing maturity of the payment security industry since the Council’s formation in 2006, and the strength of the PCI Standards as a framework for protecting cardholder data. Cardholder data continues to be a target for criminals.

Lack of education and awareness around payment security, together with poor implementation and maintenance of the PCI Standards, leads to many of the security breaches happening today.

The updates address these challenges by building in additional guidance and clarification on the intent of the requirements and ways to meet them. Additionally, the changes in PCI DSS and PA-DSS 3.0 focus…
