Preview of PCI DSS 1.3 - oops 2.0


The PCI Security Standards Council released the summary of changes for the new version of PCI -- 2.0. Merchants, you can quit holding your breath as this document is a yawner -- as we've long suspected it would be.

In fact, to call it 2.0 is a real stretch as it seems to be filled -- as promised by earlier briefings with the PCI SSC -- merely with additional guidance and clarifications. Jeff, over at the PCI Guru, has a great review of the summary doc so I won't try to duplicate his detailed analysis. The most helpful part of the doc is an acknowledgement that more guidance on virtualisation -- the one function per server stuff -- will finally be addressed.

Suffice it to say, it doesn't look good for all those DLP vendors looking for Santa Compliance to leave them a little gift under the tree this year. I've been hearing hopeful rumors (that I assume start within the bowels of DLP vendor marketing departments) that PCI would require DLP in the next version. Looks like it's going to be a three-year wait to see if Santa will finally stop by their house.

Remember that this is a summary of changes so there's not that much meat yet. The actual standard will be pre-released early next month with the final standard coming out after the European Community Meeting in October.