The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

PCI Council Highlights Changes to PCI DSS and PA-DSS

1 Comment

The PCI Council has announced expected changes to the PCI DSS and PA-DSS standards for the upcoming 3.0 release in November.  Key focus areas include the lack of education and awareness; weak passwords and authentication challenges; third party security challenges; slow self-detection in response to malware and other threats; and inconsistency in assessments.

While the updates are still under review by the PCI community, proposed updates include:

  • Recommendations on making PCI DSS business-as-usual and best practices for maintaining PCI DSS compliance
  • Security policy and operational procedures built into each requirement
  • Guidance for all requirements with content from the Navigating PCI DSS Guide
  • Flexibility and education regarding password strength and complexity
  • Requirements for point-of-sale terminal security
  • Requirements for penetration testing and validating segmentation
  • Considerations for cardholder data contained in memory
  • Enhanced testing procedures to clarify the level of validation expected
  • Expanded software development lifecycle security requirements for PA-DSS vendors, including threat modeling.

Final changes to the standards will be determined after PCI Community Meetings and published in November.  Registration for the 2013 Community Meetings is available here.  Additionally, the Council will host a webinar series to outline the proposed changes; registration available here.  PCI DSS and PA-DSS 3.0 will become effective on January 1, 2014.

Author: Heather Enlow-Novitsky

VP, Assistant General Counsel, Bank of America Merchant Services

One thought on “PCI Council Highlights Changes to PCI DSS and PA-DSS

  1. Pingback: PCI Council Releases Version 3.0 | The Secure Times

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s