PCI Free Blog

PCI DSS VERSION 2.0 HIGHLIGHTS

In last week’s blog we mentioned that a new SAQ version has been implemented and must be adopted by all merchants on their 2012 PCI renewal.  This week’s blog shows the rest of the Summary Of Changes Highlights pulled directly from the council website.  The week after this we will go over some of the changes in detail.  Please use this site for all of your PCI compliance needs.  Get PCI compliant with PCIFree.com!

| Requirement | Impact / Reason for Change | Proposed Change | Category |
|---|---|---|---|
| PCI DSS Requirement 3.6 | Clarify key management processes. | Clarify processes and increase flexibility for cryptographic key changes, retired or replaced keys, and use of split control and dual knowledge. | Clarification |
| PCI DSS Requirement 6.2 | Apply a risk based approach for addressing vulnerabilities. | Update requirement to allow vulnerabilities to be ranked and prioritized according to risk. | Evolving Requirement |
| PCI DSS Requirement 6.5 | Merge requirements to eliminate redundancy and expand examples of secure coding standards to include more than OWASP. | Merge requirement 6.3.1 into 6.5 to eliminate redundancy for secure coding for internal and Web-facing applications. Include examples of additional secure coding standards, such as CWE and CERT. | Clarification |
| PCI DSS Requirement 12.3.10 | Clarify remote copy, move, and storage of CHD. | Update requirement to allow business justification for copy, move, and storage of CHD during remote access. | Clarification |
| PA-DSS General | Payment Applications on Hardware Terminals. | Provide further guidance on PA-DSS applicability to hardware terminals. | Additional Guidance |
| PA-DSS Requirement 4.4 | Payment applications should facilitate centralized logging. | Add sub-requirement for payment applications to support centralized logging, in alignment with PCI DSS requirement 10.5.3. | Evolving Requirement |
| PA-DSS Requirements 10 & 11 | Merge PA-DSS Requirements 10 and 11. | Combine requirements 10 and 11 (remote update and access requirements) to remove redundancies. | Clarification |