Payment Card Industry Security Standards Council (PCI SSC) by Viviana Wesley, PCI QSA, ISO 27001 Auditor

The Payment Card Industry Security Standards Council (PCI SSC) will release version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) in the second quarter of 2016, and it will become effective as soon as it is published. PCI DSS version 3.1 will be retired three months later to allow organizations to complete PCI DSS v3.1 assessments already under way.

Version 3.2 will include updates to address the following:

  • Additional multi-factor authentication for administrators within a Cardholder Data Environment (CDE)
  • The addition of some of the Designated Entities Supplemental Validation (DESV) criteria for service providers
  • Clarification of masking criteria for primary account numbers (PAN) when displayed
  • Updated migration dates for SSL/early TLS that were published in December 2015

The PCI SSC recently wrote a blog post titled Preparing for PCI DSS 3.2: What to Expect in 2016, detailing some of the changes.

For more information, or to find out how your organization may be affected by this new version of the PCI DSS, please contact HALOCK.
