PCI DSS v1.2 Released
October 2, 2008
The Payment Card Industry Security Standards
Council (PCI SSC) has released the new version 1.2 of the Data Security
Standard (DSS). Review the following information to understand how this
change will impact PCI validation for your company.
PCI Document Overview
PCI DSS v1.2 available at: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
PCI DSS Summary of Changes & PCI DSS Summary of Changes FAQs available at: https://www.pcisecuritystandards.org/security_standards/supporting_documents.shtml
v1.2 Impact:
Requirement 11.3 – internal penetration test
Internal penetration testing has been added to Requirement 11.3.
In v1.1 only external penetration tests were required, but the scope
has been increased to include internal tests as well.
When does v1.1 expire?
It has not expired yet.
If you have not started a new assessment then
you can use version 1.1 of the PCI DSS for assessment purposes up to the
sunset date published by the Council. Further, if you are currently in the
process of an assessment using 1.1 you may continue to do so. The sunset
date for version 1.1 has not yet been determined, but will be at a minimum
three months after the publication date. Once the sunset date has been
published, that timeframe and date will signify that all new PCI DSS
assessments must be conducted using the latest version or revision.
Understanding the PCI DSS
The Council has also provided a great
supplemental document titled Navigating PCI DSS: Understanding the Intent of
the Requirements. This guide gives more detail on each requirement and
sub-requirement of the PCI DSS and should be used as a reference for any
discussions around PCI compliance issues.
Contact SecureState
SecureState
is a Qualified Security Assessor that performs PCI assessment services and
audits. Please contact us if you have any questions about this change in PCI
validation requirements.
23340 Miles Road, Unit C
Cleveland, OH 44128
Tel: 800.903.6264
Web: www.SecureState.com