Back in April of 2016, the latest version of the PCI Data Security Standards, version 3.2, was released. This release brought many changes to the PCI compliance requirements from the previous version, many of which we outlined in our April 2016 webinar. That release was 21 months ago and represents the last revision to the PCI DSS. If that release was almost 2 years ago, why are we talking about it again at this point in time?
As mentioned above, PCI DSS 3.2 brought many significant changes with it. The PCI Security Standards Council was very understanding that it could take time, money, and resources to complete these significant changes. For this reason, they gave merchants and service providers an extended timeframe for implementation. However, that timeframe is quickly coming to an end. What this means for you is that the best practices now become requirements on February 1st.
From April of 2016 through this January 31st, these control objectives were simply best practice recommendations, and whether or not they were implemented did not affect the organization’s PCI compliance status. Beginning February 1st, 2018, merchants and service providers will be required to comply with these control objectives. Here is a brief summary of the changes that become requirements after January 31, 2018:
This list is not meant to be all-encompassing; rather, it is a high-level overview of the changes. For a full explanation of the changes, feel free to check out the recording of the webinar that we did in December on these changes. To help organizations plan, implement, and track their compliance with PCI, we have created a simple, effective checklist covering these new control objectives in addition to the other requirements for PCI. Download your copy today and, as always, don’t hesitate to drop a line in the comments or contact us with any questions.