PCI DSS Version 3

Tue 28th Jan 2014

As most security pros with PCI in their compliance scope are no doubt already aware, the PCI Security Standards Council (SSC) has released version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS).

As it has done in the past, the SSC has once again provided a summary of changes highlighting the differences between version 2.0 and 3.0 of the standard. And if you're a merchant or assessor, both documents (the summary and, indeed, the new version itself) should be on your short list of required reading between now and January, when the new requirements go into effect.

When it unveiled PCI DSS 2.0 in 2010, the council set an expectation that increasing maturity in the standard tends to minimize the need for changes.

In other words, as the standard continues to evolve and new versions are rolled out, the need for new requirements should tend to decrease.

As such, it's not terribly surprising that the majority of the changes in PCI DSS version 3.0 are clarification-related and supplemental, not (for the most part) new requirements.

