fbpx
 

Getting ready for the new PCI-DSS Requirements

The PCI-DSS (Payment Card Industry Data Security Standard) standards, the set of requirements for the enhancement of payment data security that all credit card processors must follow, is scheduled for a revision in October 2010 (the current version is 1.2 and the new one will most likely be named the 2.0 version). Although there won’t be any official announcement until October on the proposed changes to be made to PCI DSS requirements, presentations in various trade shows indicate that the changes will be evolutionary, not drastic.

PCI officials have indicated that while there won’t be any new major requirements, several existing requirements will be clarified. The main areas where the revised PCI-DSS standards may be modified include a better definition of the network segmentation requirement, which is the demarcation of credit card holder data from the rest of your system. While you’re of course, required to protect cardholder data now, there’s no requirement currently for you to search for data on all your systems, not just those where your process the credit card numbers. Apparently that’ll change come October – you’ll need to institute a formal data discovery mechanism as one of the key steps in complying with PCI-DSS. While data discovery was often paid lip service, most companies don’t have a formal data discovery system in place. For larger enterprises especially, automated security and vulnerability assessment tools become an almost necessary requirement, in order to perform a viable and valid data discovery exercise.

Merchants will have until the beginning of October 2011, a full year after the announcement of the changes, to fall in line with the additional/modified requirements, meaning that auditors must apply the current PCI-DSS 1.2 version requirements in their assessments until October 1011.

Leave a Comment

Your email address will not be published. Required fields are marked *

*
*

Contact Us

If you have an urgent question regarding your software licensing or a software audit, please contact Miro right away.

Phone:
(732)738–8511 x1208
Email:
Webchat:
Use the chat box on the right
Meeting:

About Us

Miro is a leading global provider of software asset management services, specializing in license management, audit advisory, negotiation tactics, support management, and cloud services. We help our clients maximize ROI on their software license investments, stay in compliance, and minimize the impact of audits. Miro's performance guarantee promises that our long-tenured, diverse, and passionate team of expert analysts provides insightful and actionable advice to help our clients achieve the best possible outcomes.