PCI Security Standards Council Publishes Minor Revision to PCI Data Security Standard
Today the PCI Security Standards Council (PCI SSC) published a minor revision to the PCI Data Security Standard (PCI DSS), which businesses around the world use to safeguard payment card data before, during and after a purchase is made. PCI DSS version 3.2.1 replaces version 3.2 to account for effective dates and Secure Socket Layer (SSL)/early Transport Layer Security (TLS) migration deadlines that have passed. No new requirements are added in PCI DSS v3.2.1. PCI DSS v3.2 remains valid through 31 December 2018 and will be retired as of 1 January 2019.
“This update is designed to eliminate any confusion around effective dates for PCI DSS requirements introduced in v3.2, as well as the migration dates for SSL/early TLS,” said PCI SSC Chief Technology Officer Troy Leach. “It is critically important that organizations disable SSL/early TLS and upgrade to a secure alternative to safeguard their payment data.”
The minor changes in PCI DSS v3.2.1 reflect how existing requirements are affected once the effective dates and SSL/TLS migration deadlines have passed so that organizations can accurately report how their implementations meet these existing requirements after 30 June. Specifically, the changes include:
- Removal of notes referring to an effective date of 1 February 2018 for applicable requirements, as this date has passed.
- Updates to applicable requirements and Appendix A2 to reflect that only POS POI (point of sale point of interaction) terminals and their service provider connection points may continue using SSL/early TLS as a security control after 30 June 2018.
- Removal of multi-factor authentication (MFA) from the compensating control example in Appendix B, as MFA is now required for all non-console administrative access; addition of one-time passwords as an alternative potential control for this scenario.
The updates in PCI DSS v3.2.1 do not affect the Payment Application Data Security Standard (PA-DSS), which will remain at v3.2.
PCI DSS v3.2.1 and a summary of changes from v3.2 to v3.2.1 are available now in the Document Library on the PCI SSC website. Updated versions of the Migrating from SSL and Early TLS Information Supplement, Self-Assessment Questionnaires (SAQ) and SAQ Instructions and Guidelines will be published shortly to support PCI DSS v3.2.1.
For more information, read PCI Perspectives blog Q&A with Chief Technology Officer Troy Leach: PCI DSS Now and Looking Ahead.
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
PCI Security Standards Council
Mark Meissner, +1-202-744-8557
Om Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.
Følg saker fra Business Wire
Registrer deg med din epostadresse under for å få de nyeste sakene fra Business Wire på epost fortløpende. Du kan melde deg av når som helst.
Siste saker fra Business Wire
Hilton Launches New Brand, Signia Hilton, Delivering Sophisticated Travel While Reimagining Meetings and Events22.2.2019 17:00:00 | Pressemelding
Hilton (NYSE: HLT) today announced the launch of Signia Hilton, its dynamic, new meetings-and-events-focused brand. The portfolio of hotels is setting out to transform the industry for meeting professionals and sophisticated business travelers by infusing state-of-the-art technology and design into every aspect of the guest experience. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190222005071/en/ The brand further reinforces Hilton’s commitment to innovation that meets the evolving needs of today’s travelers and will bring premium experiences to top urban and resort destinations around the world. “In our 100th year of hospitality, we are more focused than ever on providing exceptional experiences to all of our guests – and that includes evolving those experiences to meet their changing needs,” said Christopher J. Nassetta, president and CEO, Hilton. “We are proud to launch Signia Hilton, which exemplifies our innovative sp
Axonics® Granted Expanded CE Mark Label; First and Only Sacral Neuromodulation System Approved for Use with Full-Body MRI Scans22.2.2019 16:30:00 | Pressemelding
Axonics Modulation Technologies, Inc. (NASDAQ: AXNX), a medical technology company focused on the development and commercialization of novel implantable Sacral Neuromodulation (“SNM”) devices for the treatment of urinary and bowel dysfunction, announced today that it has received CE mark approval for 1.5T and 3T full-body magnetic resonance imaging (“MRI”) conditional labeling for the Axonics r-SNM® System. The Axonics r-SNM System is the only implantable SNM system that has received full-body MRI conditional labeling for sale in Europe1. Raymond W. Cohen, Chief Executive Officer of Axonics, said, “Without this labeling, any patient requiring an MRI scan on any body part below the head must have their neurostimulator surgically explanted prior to the MRI scan, resulting in an additional surgery for the patient and additional costs to patients and the healthcare system. This authorization of full-body MRI scans in Europe is another important milestone for Axonics, differentiating our te
Fantastec Joins Forces with Arsenal FC Launching Official Blockchain Collectibles App22.2.2019 14:30:00 | Pressemelding
Fantastec announced today its first football licensing agreement with Premier League club Arsenal FC for a new blockchain authenticated collectibles app called Fantastec SWAP. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190222005277/en/ Arsenal players appear on Fantastec SWAP in official licensing deal (Graphic: Business Wire) London-based Fantastec is a leading sports fan technology innovator, and its blockchain based ‘SWAP’ app will have broad appeal to global sports fans, gamers and sports card collectors alike. Fantastec SWAP unlocks unique and authentic club content through the app, like player autographs and exclusive footage. With its innovative blockchain technology, fans around the world can now discover, collect and swap officially licensed club collectibles with other fans with complete trust. “Fantastec SWAP is a game-changer for international football fans as well the sports collectibles industry,” commented
Volkswagen Protects Virtual Key Sharing App with Trustonic Application Protection22.2.2019 13:42:00 | Pressemelding
Volkswagen is working with mobile cyber security leader Trustonic to enable customers to use smartphones to access their vehicles, and to securely share their digital car keys to grant access to others via a smartphone app. Volkswagen is using the Trustonic Application Protection (TAP) platform to secure the mobile app and ensure that sensitive information and key transfer requests are securely displayed to, and approved by, a real authenticated user on a trusted device and not by hackers or malware simulating a user or device. “The smartphone is becoming the vehicle key of the future and our We Connect service is the interface for this today in the new Volkswagen Passat,” comments Alf Pollex, Head of Infotainment and Connected Car at Volkswagen AG. “The user installs the We Connect app on their smartphone which is then authorized via the infotainment system with a Transaction Number. The Mobile Key will be compatible with Android-based Samsung devices. No mobile network connection is
Mundipharma EDO GmbH: US FDA grants Orphan Drug Designation for etoposide toniribate in relapsed/refractory biliary tract cancer22.2.2019 13:30:00 | Pressemelding
Mundipharma EDO GmbH, part of the Mundipharma network of independent associated companies, and Imbrium Therapeutics L.P., an operating subsidiary of Purdue Pharma L.P., today announced that the US FDA has granted Orphan Drug Designation (ODD) to etoposide toniribate for the treatment of relapsed/refractory biliary tract cancer, also known as cholangiocarcinoma.3 This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190222005126/en/ Biliary tract cancer is a rare tumour with approximately 8,000 patients diagnosed in the US every year and 10,571 in Europe.4,5 The FDA grants ODD status to medicines intended for the treatment, diagnosis or prevention of rare diseases or disorders that affect fewer than 200,000 people in the US. Radical surgery is the only curative treatment for biliary tract cancer but, in most cases, the cancer is inoperable. Patients who fail first-line chemotherapy have limited treatment options and the standard of
Lenovo Data Center Group Delivers Broad Edge Computing Portfolio, Expands Investments in IoT22.2.2019 13:13:00 | Pressemelding
Next week at MWC Barcelona, Lenovo Data Center Group (DCG) will showcase continued investments in its solutions supporting IoT and edge computing as part of its IoT growth plan over the next few years. Building on the momentum of its fifth consecutive quarter of profit growth, Lenovo DCG is building a portfolio that takes infrastructure to where the data is, whether that be in the traditional data center, in the cloud or increasingly, at the edge. Today, around 10 percent of enterprise-generated data is created and processed outside a traditional centralized data center or cloud. By 2022, Gartner predicts this figure will reach 75 percent. This migration is driving increased concerns around data privacy, security and regulations coupled with challenges of latency, bandwidth and downtime. Lenovo is addressing these challenges by creating a broad portfolio of edge computing offerings that address the different ways that customers want to deploy edge computing solutions for IoT use cases.