Version 1.2 of the PCI Data Security Standard Coming in October
The PCI Security Standards Council has announced the timeline for the release of PCI DSS version 1.2, scheduled for availability in October 2008. According to the Council, the new version of PCI DSS will 'enhance the clarity of its technical requirements, offer improved flexibility and address new and evolving risks and threats.'
Since the distribution of version 1.1 of the Standard in September 2006, the Council has engaged industry stakeholders, including retail merchants, vendors, electronic funds transfer (EFT) networks, point-of-sale (POS) application developers, banks and other stakeholders with a global view to address real world threats and implementation challenges. Using feedback provided by this community, including more than 2,000 questions submitted to the Council since its formation in 2006, version 1.2 of PCI DSS:
- Incorporates existing and new best practices
- Provides further scoping and reporting clarification
- Eliminates overlapping sub-requirements and consolidates documentation
- Enhances the frequently asked questions and glossary to facilitate understanding of the security process
The enhanced clarity provided by version 1.2 will ease the implementation process and increase overall adoption of the standard. The updated standard will reflect the broad industry feedback and is designed to anticipate, identify and mitigate future security threats, but will not include any new core requirements beyond the existing 12 in place. This ongoing feedback process ensures that the PCI DSS continues to evolve in a manner that reflects threats in the marketplace and increases cardholder data security.
"We believe adoption of PCI DSS version 1.2 will increase cardholder data security and minimize the risk of data breaches that can challenge the positive public perception of the security practices of merchants and financial institutions involved in the payments chain,” said Bob Russo, General Manager, PCI Security Standards Council. “Version 1.2 will allow for the adoption of new best practices and protections with sufficient implementation lead time.”
Today’s announcement is the first in a series of public communications designed to raise awareness of the updated PCI DSS. Participating Organizations in the Council will have an opportunity to review the proposed changes at the PCI SSC annual Community Meeting to be held in Orlando, Fla., September 23-25, 2008.
Stumble It!
Add your comment... (note that all comments are reviewed before they're published)