PCI Security Standards Council Publishes Minor Revision to PCI Data Security Standard
Today the PCI Security Standards Council (PCI SSC) published a minor revision to the PCI Data Security Standard (PCI DSS), which businesses around the world use to safeguard payment card data before, during and after a purchase is made. PCI DSS version 3.2.1 replaces version 3.2 to account for effective dates and Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) migration deadlines that have passed. No new requirements are added in PCI DSS v3.2.1. PCI DSS v3.2 remains valid through 31 December 2018 and will be retired as of 1 January 2019.
“This update is designed to eliminate any confusion around effective dates for PCI DSS requirements introduced in v3.2, as well as the migration dates for SSL/early TLS,” said PCI SSC Chief Technology Officer Troy Leach. “It is critically important that organizations disable SSL/early TLS and upgrade to a secure alternative to safeguard their payment data.”
The minor changes in PCI DSS v3.2.1 reflect how existing requirements are affected once the effective dates and SSL/TLS migration deadlines have passed so that organizations can accurately report how their implementations meet these existing requirements after 30 June. Specifically, the changes include:
- Removal of notes referring to an effective date of 1 February 2018 for applicable requirements, as this date has passed.
- Updates to applicable requirements and Appendix A2 to reflect that only POS POI (point of sale point of interaction) terminals and their service provider connection points may continue using SSL/early TLS as a security control after 30 June 2018.
- Removal of multi-factor authentication (MFA) from the compensating control example in Appendix B, as MFA is now required for all non-console administrative access; addition of one-time passwords as an alternative potential control for this scenario.
The updates in PCI DSS v3.2.1 do not affect the Payment Application Data Security Standard (PA-DSS), which will remain at v3.2.
PCI DSS v3.2.1 and a summary of changes from v3.2 to v3.2.1 are available now in the Document Library on the PCI SSC website. Updated versions of the Migrating from SSL and Early TLS Information Supplement, Self-Assessment Questionnaires (SAQ) and SAQ Instructions and Guidelines will be published shortly to support PCI DSS v3.2.1.
For more information, read PCI Perspectives blog Q&A with Chief Technology Officer Troy Leach: PCI DSS Now and Looking Ahead.
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.
PCI Security Standards Council
Mark Meissner, +1-202-744-8557
(c) 2018 Business Wire, Inc., All rights reserved.