29 October 2010

PCI DSS v2.0 Published

The Payment Card Industry Security Standards Council has announced version 2.0 of the Data Security Standard.

Partial image of a page from the PCI DSS v2.0

Version 2.0 is available to download and the PCI SSC have also published a summary of changes. The changes are mainly clarifications rather than new major requirements; the following blogs discuss the main issues well:

There are no requirements for merchants to publish confirmation of compliance or assessment results, which I was hoping for. But I am curious to see how merchants undertake a risk-based approach to assessing and prioritising vulnerabilities, without simply choosing to accept weaknesses.

PCI DSS v2.0 must be adopted by all organisations with payment card data by 1st January 2011, and from 1st January 2012 all assessments must be under version 2.0 of the standard.

Posted on: 29 October 2010 at 10:04 hrs
