PCI DSS Version 3.2

PCI DSS 3.2 is officially published

Here is the summary:

Multi-factor authentication will be required for all administrative access into the cardholder data environment.

The “Designated Entities Supplemental Validation” (DESV), a set of steps that tells an entity how it can meet PCI DSS requirements, has now been incorporated into the standard.

Migration from SSL and TLS v1.0 to TLS v1.1 or higher must be completed by July 1, 2018.

Service providers get several new requirements, such as: maintaining a documented description of the cryptographic architecture; reporting on failures of critical security control systems; establishing responsibility for protection of cardholder data and the PCI DSS compliance program; performing regular penetration testing on segmentation controls; and proving that their top executives have an understanding of PCI DSS compliance.

Summary of Changes Document
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2_Summary_of_Changes.pdf

Full Data Security Standard
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2.pdf
