PCI 3.2 – Have SAQs Been Changed?
13 September 2016

As of 31 October 2016, it will no longer be possible to use the Self-Assessment Questionnaires (SAQs) for PCI DSS version 3.1. Companies that validate their PCI DSS compliance by completing an SAQ now face the question of whether, and to what extent, they will be affected by the new PCI DSS version 3.2.
We have therefore compiled an overview of the changes for you and briefly address the focus of the changes below.

SAQ A: This SAQ has been expanded by seven requirements which focus on the areas of user management and development of an Incident Response Plan.
SAQ A-EP: Gaining an additional 39 requirements, this SAQ is affected the most by the PCI version changes. The new requirements concern areas such as network security, secure development, authentication, logging and IDS / IPS (intrusion detection systems and intrusion prevention systems).
SAQ B and SAQ B-IP are not affected by the PCI 3.2 changes.
SAQ C: Companies that validate their compliance using this SAQ can expect 17 additional requirements, including in areas of user management, authentication & physical security.
SAQ C-VT: This SAQ has been expanded by requirements in the areas of user management and physical security as well.
SAQ P2PE: With PCI DSS 3.2, companies that fall under the SAQ P2PE category have to fulfil two fewer requirements than before. These requirements concern masking (requirement 3.3) and transmission of PANs (requirement 4.2).
We are happy to assist you with any questions you might have. Please contact our PCI Competence Center.
