PCI DSS 3.2 is coming, and that means changes for merchants and service providers and for the steps they take to mitigate the risk of a breach involving credit and debit card data. Change is inevitable, but it can still be difficult, especially when it touches all of the different parts of PCI compliance and information security. The good news is that the PCI Data Security Standard (DSS), according to the PCI Security Standards Council (SSC), is now considered a mature standard and will therefore only see incremental changes going forward. But what counts as an incremental change? Such changes may not be major shifts, but they can still have a significant impact on an organization. For that reason, we are going to dig into PCI DSS 3.2 by the numbers.
Before we provide the numbers on the changes in the PCI DSS 3.2 release that will be taking place over the coming days, we need to define some of the terms that the PCI SSC uses. There are three main categories that these changes fall into:
While all three categories above are important and need to be taken seriously, the Evolving Requirements are usually the biggest changes, because they are driven by feedback from the community, changing threats, and the attack trends seen in the market today.
Now that we have the context, let's get to the numbers and see just how many changes arrive with the release of PCI DSS 3.2:
| Requirement | New or Updated? | Brief Explanation |
|---|---|---|
| Requirement 3.3 | Updated | PAN display |
| Requirement 3.5.1 | New | Cryptographic architecture |
| Requirement 6.4.6 | New | Change control processes to include PCI DSS verification |
| Requirement 8.3 | New | Multi-factor authentication |
| Requirement 10.8 | New | Detect and report failures of critical security control systems |
| Requirement 11.3.4.1 | New | Penetration testing on segmentation controls |
| Requirement 12.4 | New | PCI DSS compliance program |
| Requirement 12.11 and 12.11.1 | New | Quarterly security policy and procedure reviews |
Compass IT Compliance has previously hosted several webinars on PCI DSS 3.2 to discuss these changes and provide additional information for merchants and service providers. Click below to watch!