PCI 3.2 – Have SAQs Been Changed?

13 September 2016

As of 31 October 2016, it will no longer be possible to use the Self-Assessment Questionnaires (SAQs) for PCI DSS version 3.1. Companies that validate their PCI DSS compliance by completing an SAQ now face the question of whether, and to what extent, they will be affected by the new PCI DSS version 3.2.
We have therefore compiled an overview of the changes for you and briefly address the focus of the changes below.

SAQ A: This SAQ has been expanded by seven requirements that focus on the areas of user management and development of an Incident Response Plan.
SAQ A-EP: Gaining an additional 39 requirements, this SAQ is affected the most by the PCI version changes. The new requirements concern areas such as network security, secure development, authentication, logging and IDS / IPS (intrusion detection systems and intrusion prevention systems).
SAQ B and SAQ B-IP are not affected by the PCI 3.2 changes.
SAQ C: Companies that validate their compliance using this SAQ can expect 17 additional requirements, including in areas of user management, authentication & physical security.
SAQ C-VT: This SAQ has been expanded by requirements in the areas of user management and physical security as well.
SAQ P2PE: With PCI DSS 3.2, companies that fall under the SAQ P2PE category have to fulfil two fewer requirements than before. These requirements concern masking (requirement 3.3) and transmission of PANs (requirement 4.2).
We are happy to assist you with any questions you might have. Please contact our PCI Competence Center.
