PCI Security Standards Council Publishes Minor Revision to PCI Data Security Standard
Today the PCI Security Standards Council (PCI SSC) published a minor revision to the PCI Data Security Standard (PCI DSS), which businesses around the world use to safeguard payment card data before, during and after a purchase is made. PCI DSS version 3.2.1 replaces version 3.2 to account for effective dates and Secure Socket Layer (SSL)/early Transport Layer Security (TLS) migration deadlines that have passed. No new requirements are added in PCI DSS v3.2.1. PCI DSS v3.2 remains valid through 31 December 2018 and will be retired as of 1 January 2019.
“This update is designed to eliminate any confusion around effective dates for PCI DSS requirements introduced in v3.2, as well as the migration dates for SSL/early TLS,” said PCI SSC Chief Technology Officer Troy Leach. “It is critically important that organizations disable SSL/early TLS and upgrade to a secure alternative to safeguard their payment data.”
The minor changes in PCI DSS v3.2.1 reflect how existing requirements are affected once the effective dates and SSL/TLS migration deadlines have passed so that organizations can accurately report how their implementations meet these existing requirements after 30 June. Specifically, the changes include:
- Removal of notes referring to an effective date of 1 February 2018 for applicable requirements, as this date has passed.
- Updates to applicable requirements and Appendix A2 to reflect that only POS POI (point of sale point of interaction) terminals and their service provider connection points may continue using SSL/early TLS as a security control after 30 June 2018.
- Removal of multi-factor authentication (MFA) from the compensating control example in Appendix B, as MFA is now required for all non-console administrative access; addition of one-time passwords as an alternative potential control for this scenario.
The updates in PCI DSS v3.2.1 do not affect the Payment Application Data Security Standard (PA-DSS), which will remain at v3.2.
PCI DSS v3.2.1 and a summary of changes from v3.2 to v3.2.1 are available now in the Document Library on the PCI SSC website. Updated versions of the Migrating from SSL and Early TLS Information Supplement, Self-Assessment Questionnaires (SAQ) and SAQ Instructions and Guidelines will be published shortly to support PCI DSS v3.2.1.
For more information, read PCI Perspectives blog Q&A with Chief Technology Officer Troy Leach: PCI DSS Now and Looking Ahead.
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
PCI Security Standards Council
Mark Meissner, +1-202-744-8557
Om Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.
Følg saker fra Business Wire
Registrer deg med din epostadresse under for å få de nyeste sakene fra Business Wire på epost fortløpende. Du kan melde deg av når som helst.
Siste saker fra Business Wire
Andersen Global Expands in Africa with Oliveira & Associados21.8.2018 13:30 | Pressemelding
Andersen Global continues its expansion in Africa through a Collaboration Agreement with Oliveira & Associados, a law firm based in Angola, founded by Formosa Oliveira in 2016. Andersen Global Chairman and Andersen Tax LLC CEO, Mark Vorsatz, commented, “The economy in Angola is one of the fastest growing in the world, and we are excited about adding this practice in a market that has a strong connection to Portugal and is strategic to our business in Portugal. Oliveira & Associados is an energetic and talented group, and with the addition of Isalcio Mahanjane e Associados in Mozambique last week, we have added key locations in our Portuguese and Iberian strategy.” With headquarters in Luanda, Oliveira & Associados provides legal services to both corporate and individual clients within Africa and globally. “Collaborating with Andersen Global will help us extend our reach as we develop and seamlessly deliver cross-border solutions,” remarked Formosa Oliveira. “With added tax and legal se
Mavenir Introduces RCS Business Messaging Partner Program to Enable MNO’s A2P Revenue Growth21.8.2018 13:00 | Pressemelding
Mavenir, the world’s #1 messaging systems provider and a leader in Rich Communication Services (RCS)—with an 85% market share in North America—today announced its RCS Business Messaging Partner Program with 15 confirmed partners. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20180821005089/en/ Mavenir’s RBM Chatbot (Photo: Business Wire) The Mavenir RCS Business Messaging (RBM) solution enables brands, aggregators, content providers, enterprises and MNOs to monetize RCS messaging technologies and provide rich, multimedia end-user experiences from the native messaging application on mobile devices. This global partner program is focused on accelerating the adoption of RCS multimedia messaging by creating a community of industry leading messaging partners to provide MNOs with a compelling business-to-consumer (B2C) messaging channel and become the platform of choice for advertisers, brands, content providers and enterprises to
Dynacor Announces First Quarterly Dividend Payment21.8.2018 12:03 | Pressemelding
Dynacor Gold Mines Inc. (TSX: DNG) (OTC: DNGDF) (Dynacor or the Corporation) is pleased to announce today that its Board of Directors (Board) has approved the initiation of quarterly cash dividends to its shareholders and the declaration of the first cash dividend in the company's history. The dividend of CAD$ 0.01 per common share, is payable on October 1, 2018 to shareholders of record on September 20, 2018. Dynacor is one of the largest ore purchasing processors in Peru. With its new ore processing facility operating at near full capacity, the Corporation is forecasting 2018 to be its best year on record. Dynacor’s stable business model is proven to withstand the volatility of the gold price. The Corporation is free of debt, in a healthy financial situation and working towards its 30th consecutive quarter of profits. President and CEO Jean Martineau states, “Our team has worked very hard to build the Corporation to what it is today. Our solid financial situation and leadership posit
FAA Approves AerTrak for Boeing 757-200 Series Aircraft to Comply with Automatic Dependent Surveillance-Broadcast (ADS-B) Operations Mandate21.8.2018 12:00 | Pressemelding
The Federal Aviation Administration (FAA) has issued a Supplemental Type Certificate (STC) for installation of AerSale®’s AerTrak™ system on Boeing 757-200 series aircraft (ST04011NY), to comply with the Automatic Dependent Surveillance-Broadcast (ADS-B) Operations rule, a critical part of the agency’s Next Generation Air Transportation System (NextGen). Beginning January 1, 2020, the FAA has mandated that aircraft operating in airspace defined by 14 CFR § 91.225 must be equipped with an ADS-B Out system that meets the minimum performance requirements of 14 CFR § 91.227. The FAA approved AerTrak for Boeing 737 NG series aircraft (ST04009NY) earlier this year. ADS-B provides enhanced navigational accuracy using precise tracking via global positioning satellite (GPS) signals. Reducing risk and improving safety, the technology increases navigational coverage, especially in remote areas beyond radar range. Additionally, ADS-B enables more direct flight plans, thereby saving time, costs, an
Smiths Detection Delivers Effective Lithium Battery Detection21.8.2018 08:00 | Pressemelding
Smiths Detection now offers reliable and accurate lithium battery detection as an option on the HI-SCAN 100100V-2is and 100100T-2is scanners, with other conventional X-ray systems to follow. Existing installations can also be upgraded on site. This is the first module from a series of smart and adaptable algorithms for the automatic detection of an ever expanding list of dangerous, prohibited and contraband goods and substances. Taking the deep learning approach, Smiths Detection is collaborating with customers to build a huge library of images from which the algorithms can ‘learn’ to detect many other items. “The lithium battery development follows IATA’s recommendations regarding Dangerous Goods and is aimed mainly at the air cargo sector,” explained Matt Clark, VP Technology & Product Development, Smiths Detection. “It is designed to tackle the tangible threat posed by lithium batteries, which have the potential to ignite when airborne. In addition to extending this option to a full
Avaya Contact Centre Migration Improves Australian Department of Defence Effectiveness and Capability21.8.2018 07:00 | Pressemelding
Protecting the national interest gets a boost from omnichannel communications, as Avaya Holdings Corp. (NYSE:AVYA) today announced it has been selected as the contact centre technology and services provider by the Australian Department of Defence. The five-year contract will see Defence migrate and consolidate its 14 contact centres – comprising more than 650 personnel and servicing over 40 lines of business – exclusively to the Avaya omnichannel platform. The new solution will enable Defence’s contact centres to be fully unified with all communications channels and associated applications. This omnichannel environment will allow Defence to expand its automation and analytics capabilities, subsequently providing a more efficient and personalised experience for the people who interact with any of the contact centres. When the project is complete, contact centre agents within each operational arm of Defence will have visibility into combined data sets, allowing them to deliver personalis