Home » Payment Card Assessments » PCI DSS 2.0 "Preview"

PCI DSS 2.0 "Preview"

August 13, 2010 Debbie Zaller

Yesterday, the PCI Standards Council posted a document highlighting some of the upcoming changes to the PCI DSS. That document can be found here.

The document is a “teaser” to what is expected to be released in the October timeframe. Two of the roughly four pages speak to the standards development process and feedback cycle. In addition, the Council itself notes that the updates" are relatively straightforward and do not introduce significant changes."

In terms of substantive previews, the following are worth noting:

Additional guidance is expected for cardholder environment definition and data flow mapping (i.e. scoping)
Guidance will be provided on virtualization (emanating from the Special Interest Group on this very topic) including how virtual components are defined "in-scope" as well as guidance on specific controls that were traditionally focused on physical hosts.
Updates to requirement 3.6 for key management to provide additional flexibility for new technologies and evolving ways to manage encryption keys.
Updates to vulnerability management and application security to reflect the evolving nature of those topics.

As with the last update, the devil will be in the details. The new standards are expected to be published in October and will become effective for all assessments performed starting in January 2011. At this time, there is no reason to believe that these changes will significantly impact the scope and cost of onsite assessments.

As always, if you have any questions, feel free to visit our PCI Resource Center or contact one of our QSAs .

About the Author

Debbie Zaller is a Principal at Schellman & Company,LLC. Debbie leads the SOC 2 and SOC 3 service line and is also an AICPA SOC Specialist. Debbie has over 15 years of IT attestation experience and currently spearheads Schellman’s SOC 2 practice, where she is responsible for internal training, methodology creation, and quality reporting. Debbie was a past member of the Florida Institute of Certified Public Accountants’ Board of Governors and served on the Finance and Office Advisory Committee.
More Content by Debbie Zaller

Welcome to our Hub

PCI DSS 2.0 "Preview"

In terms of substantive previews, the following are worth noting:

About the Author

Previous Article

Next Article

PCI DSS 2.0 "Preview"

In terms of substantive previews, the following are worth noting:

About the Author

Previous Article

Next Article

Other content in this Stream

Schellman & Company, LLC, a leading provider of attestation and compliance services, has become an assessor in the PCI Security Standards Council’s new 3-D Secure (3DS) program, and can...

There are some important PCI DSS deadlines coming up. Let’s start with the SSL/early TLS migration. Why is it important for organizations to migrate away from SSL/TLS?

Well over a year ago, the PCI Standards Council announced, in addition to other requirements, that a PCI charter would now be required for service providers after January 31, 2018. Few...

As a follow-up to the "What 2018 Means for Your PCI DSS Assessment" article I posted, a client of mine had a great question regarding the future date for the semi-annual segmentation...

Some of you may have just read the blog title and believe I made a typo on the year, but no, I am here to talk about PCI DSS in 2018. I know it seems crazy to be discussing 2018, as we...

Some of you may have just read the blog title and believe I made a typo on the year, but no, I am here to talk about PCI DSS in 2018. I know it seems crazy to be discussing 2018, as we...

Executive Summary Docker is an advanced framework for deploying applications--in particular, cloud applications. It is notably different than working within traditional virtualization...

Executive Summary Docker is an advanced framework for deploying applications--in particular, cloud applications. It is notably different than working within traditional virtualization...

The Payment Application Data Security Standard (PA-DSS) has been an instrumental part of the PCI family of standards from nearly the beginning of the PCI SSC.

Codifying Your Configuration Standards If you have already gone through a PCI DSS, SOC, HIPAA/HITECH, or ISO assessment, you already know that detailed configuration standards are a...

As we all were working hard, with holiday vacations and a new year in our reach, the PCI SSC released a guidance document that has been long awaited. The Guidance on Scoping and...

Proper scoping remains perhaps the most critical component to successful PCI DSS compliance, and yet still proves challenging amongst organizations looking to comply with PCI DSS.

Every time a cardholder makes a purchase from you, or a merchant takes a transaction through your network or using your services, they are putting their trust in your organization: Trust that...

Schellman & Company, Inc. has released a new resource center on our website for PCI information. Content includes preparedness tools, terms, FAQs, and more. Visit the PCI resource center here.

Preparing for a Payment Card Industry (PCI) compliance assessment is a major task for any size organization. However, companies that store, process, or transmit credit card transactions are...

What Are The Benefits of a PCI Assessment?

The goal of PCI DSS is to reduce the risk of credit card breaches. That, however, is a broad statement intended to apply to any business model and security control set.

Do you find yourself having to ask a retailer whether to swipe or insert your card at the terminal these days? It has been more than a year since the Visa designated deadline of October...

As busy season approaches for many auditors and some personal travel during the holidays, our Chief Financial Officer, PJ Sheil, provided tips for using your credit card overseas.