There were two press releases released by the Payment Card Industry Security Standards Council (PCIco) today:
- SUMMARY OF CHANGES TO NEXT VERSION OF PCI DATA SECURITY STANDARD
- HOST WEBINAR ON RELATIONSHIP BETWEEN DIFFERENT PCI SECURITY STANDARDS
The first item lists a summary of changes we should expect in PCI 1.2 which will be released in October 2008
Changes to the PCI DSS include clarifications and explanations to the requirements,
with these clarifications offering improved flexibility to address today’s security challenges in the payment card transaction environment
The following are the main highlights:
WEP is no longer allowed and is being phased out
Wireless must now be implemented according to industry best practices (e.g., IEEE 802.11x) using strong encryption for authentication and transmission.
New implementations of WEP are not allowed after March 31, 2009.
Current implementations must discontinue use of WEP after June 30, 2010
Use of anti-virus software applies to all operating system types
Flexibility to the patching requirement by specifying that a risk-based approach may be used to prioritize patch installation
Various re-wording of items for clarification purposes.
Get the details here:
The Payment Card Industry Data Security Standard (DSS) v 1.2 will replace the DSS v. 1.1 on October 1, 2008. This Summary of Changes document provides an overview of the significant differences between the two versions.
The last item relates the the webinar:
“A Perfect Fit - Understanding the Interrelationship of the PCI Standards,” to be held on Thursday August 21, 2008 at 9:00 a.m. EDT and a second session the same day at 7:30 p.m. EDT.
Webinar participants will discover:
• How the PCI DSS, PA-DSS and PED Security Requirements interrelate;
• Why merchants should know about PA-DSS and PED;
• Why incorporating PCI standards is your best approach to protecting cardholder
• Using PCI standards as a model for data security.
To register for the Thursday, September 4, 2008 session at 9:00 a.m. EDT session, visit
http://www.webcastgroup.com/client/start.asp?wid=0650904084241 for the 7:30 p.m. EDT session. The morning webinar