PCI DSS Minor Revision 3.2.1

25 May 2018

On 17 May 2018, the Security Standards Council (PCI SSC) published a minor revision to the PCI DSS. Revision 3.2.1 will become binding as of 1 January 2019; version 3.2 remains valid through 31 December 2018.
The minor revision does not introduce any new requirements but eliminates confusion around effective dates and migration deadlines for SSL/early TLS.

The minor changes in PCI DSS v3.2.1 reflect how existing requirements are affected once the effective dates and the migration deadline for SSL/early TLS (30 June 2018) have passed. The individual changes include:
• Elimination of notes referring to an effective date of 1 February 2018 for applicable requirements
• Updates to applicable requirements and Appendix A2 to reflect that only POS POI (point of sale point of interaction) terminals and their service provider connection points may continue using SSL/early TLS as a security control after 30 June 2018
• Removal of multi-factor authentication (MFA) from the compensating control example in Appendix B, as MFA is now required for all non-console administrative access; addition of one-time passwords as an alternative potential control for this scenario
The changes do not affect the Payment Application Data Security Standard (PA-DSS).


About the PCI Expert Tips:
With our PCI Expert Tips, we would like to keep you informed about changes to the PCI Security Standards and provide you with initial explanations as to what the changes entail and how they may affect you. Please take our articles as a general reference only – they do not replace individual case-by-case evaluations.
Should you have any questions or need assistance, please contact us. Our specialists are happy to help.
+49 6102 8631-190
sales@usd.de
Source: https://www.pcisecuritystandards.org/
