Preview of PCI DSS 1.3 - oops 2.0


The PCI Security Standards Council released the summary of changes for the new version of PCI -- 2.0. Merchants, you can quit holding your breath as this document is a yawner -- as we've long suspected it would be.

In fact, to call it 2.0 is a real stretch, as it seems to be filled -- as promised in earlier briefings with the PCI SSC -- merely with additional guidance and clarifications. Jeff, over at the PCI Guru, has a great review of the summary doc, so I won't try to duplicate his detailed analysis. The most helpful part of the doc is an acknowledgement that virtualisation -- the one function per server stuff -- will finally be addressed with more guidance.

Suffice it to say, it doesn't look good for all those DLP vendors looking for Santa Compliance to leave them a little gift under the tree this year. I've been hearing hopeful rumors (that I assume start within the bowels of DLP vendor marketing departments) that PCI would require DLP in the next version. Looks like it's going to be a three-year wait to see if Santa will finally stop by their house.

Remember that this is a summary of changes so there's not that much meat yet. The actual standard will be pre-released early next month with the final standard coming out after the European Community Meeting in October.
