Some of our readers who work on information security teams in their organizations may well be interested in the newest release of the Payment Card Industry Data Security Standard (PCI DSS), version 2.0, or simply PCI version 2.0.
PCI version 2.0 was released on October 28, 2010, and goes into effect on Jan. 1, 2011. However, impacted entities have until Dec. 31, 2011, to become fully compliant with this standard. Click here to view a PDF version of the standard.
There are 12 proposed changes in version 2.0 of the PCI DSS, as well as the PCI Payment Application Data Security Standard, with those changes falling into three main categories:
- Clarification: Clarifies intent of requirement; ensures that concise wording in the standards portrays the desired intent of requirements;
- Additional Guidance: Provides further information on a particular topic to increase understanding of the intent of the requirement;
- Evolving Requirement: Ensures the standards are up-to-date with emerging threats and changes in the marketplace.
In addition, a recent “Summary of Changes” document released by the PCI Security Standards Council (SSC) should be required reading for any team members in your organization if that organization is impacted by this standard. Click here to view that document.
Another great source to add to your organization’s resource library regarding this standard is the documents library of the PCI Security Standards Council.
If you find that your organization is impacted by the PCI version 2.0 standard, then please pass this information along to those information security or data network security specialists in your organization.