Security Management Strategies for the CIOThe Payment Card Industry Data Security Standard (PCI DSS) has not had an update since version 1.2 in October 2008, but that has changed with version 2.0 of PCI DSS (.pdf), which was published Oct. 28, 2010. The recent "Summary
Requires Free Membership to View
of Changes" document released by
the PCI Security Standards Council (SSC) on Aug. 12 covers the proposed changes in version 2.0, and
as experts expected, few alterations were made between the summary and the final release.
In this PCI 2.0 learning guide, we will discuss how the Payment Application Data Security Standard (PA DSS) and PCI compliance requirements have changed, examine why the changes were made and explain how PCI 2.0 will affect your enterprise.
PCI 2.0: Changes aren't drastic, but don't address card brand autonomy
With the
new version of PCI DSS now available, many organizations are wondering how their current compliance
programs and processes will be affected. Will new controls be needed? How will the standard handle
emerging technologies like tokenization and server virtualization in the card data environment?
In this analysis of the changes in PCI DSS version 2.0, PCI expert Diana Kelley of consultancy SecurityCurve highlights the pros and cons of changes in PCI 2.0 and claims that while most merchants' compliance programs won't be drastically affected, some of the standard's key shortcomings remain.
PCI 2.0: PCI assessment changes explained
Version 2.0 of PCI DSS could force enterprises
to make some changes to their compliance programs, and organizations should begin to think about
this potential changes from a PCI assessment standpoint. Fortunately, there's time, but there's
still no time to waste.
In this tip, PCI DSS expert Ed Moyle discusses the changes that organizations can expect from the standards new version, specifically detailing how the changes in PCI DSS 2.0 will affect companies during the PCI assessment process.
PCI DSS 2.0 and virtualization compliance for SMBs
The new 2.0 version of PCI DSS will introduce some revisions to
the standard's compliance requirements, including key changes for SMBs in the areas of
virtualization and vulnerability assessments.
In this tip from SearchMidmarketSecurity.com, expert Mike Chapple details the changes organizations can expect to see with PCI 2.0 and explains what midmarket firms in particular must do to comply with the new PCI compliance requirements.
PCI Security Standards Council address secure coding, key management in PCI DSS 2.0
In this next
iteration of PCI DSS, version 2.0, the Payment Card Industry Security Standards Council has
made its intentions clear to make clarifications on secure coding and key management, as well as a
change that recommends merchants use data discovery tools to find cardholder data prior to a PCI
assessment. This SearchSecurity.com news article highlights these changes, as well as some other
aspects of the new version of the standard.
PCI DSS 2.0 brings clarity and guidance for UK merchants
With the debut of PCI DSS 2.0, the PCI SSC focuses on guidance for risk-based compliance, and
addresses issues such as virtualization and cloud security.
In this article, UK bureau chief Ron Condon discusses why any organisation handling credit card details will breathe a sigh of relief with the release of PCI 2.0, which introduces few new requirements and offers more clarification and guidance to help merchants with their compliance efforts.
| PCI 2.0 and Virtualization |
How PCI 2.0 affects virtualization compliance
Before PCI 2.0 was released, many enterprise security and compliance managers wanted to know
whether the new standard would cover virtualization compliance.
In this tip from SearchVMware.com, Eric Siebert explains how PCI 2.0 affects virtualization, how the standard offers a more guidance on virtualization compliance, and also examines how PCI 2.0 still leaves a lot of room for interpretation.
Virtualization pros grapple with PCI 2.0
While the PCI 2.0 security standard has clarified that server virtualization technology can be used
in PCI-regulated environments, but, according to users, PCI
compliance in virtual environments still has some grey areas.
In this article, Beth Pariseau, senior news writer for SearchServerVirtualizatiion.com, discusses how the new standard answers some of the questions formerly surrounding PCI and virtualization, but left other unanswered.
VMware and partners release PCI guidance: Virtualization news in brief
In this article from SearchServerVirtualization.com, compiled of news briefs, virtualization
product vendors offer guidance for PCI-compliant
virtual data centers. These briefs also include news on CA's acquisition of Hyperformix and
Zimbra's certification program.
This was first published in October 2010
Join the conversationComment
Share
Comments
Results
Contribute to the conversation