Wednesday, January 5

PCI-DSS Version 2.0 - Standard Effective

If you've stayed connected to the PCI-DSS world, you'll know that version 2.0 of the standard was released late last year. As of January 1st, 2011, stage 2 has begun, which means the standard becomes effective. Unfortunately, that only means that stakeholders (merchants, processors, etc.) should start using the new standard instead of the old one, not that the standard provides effective security (it would be nice if you could just announce that kind of thing). Here is a link to the standard's lifecycle to make this clearer.

Keep in mind that you can still use the old standard for compliance reporting for 14 months, but if the new standard is available, it's likely a good idea to get a handle on the changes and how they'll affect your compliance program.