Standard Name
PCI DSS (PCI Data Security Standard)
Industry Standard
PCI
Publication Number
PCI-DSS v3.2
Standard Date
4/28/2016
Standard Link
https://www.pcisecuritystandards.org/security_standards/documents.php
Securezoo Overview
As published in a press release on April 28, 2016:

"The PCI Security Standards Council (PCI SSC) published a new version of its data security standard, which businesses around the world use to safeguard payment data before, during and after a purchase is made. PCI Data Security Standard (PCI DSS) version 3.2 replaces version 3.1 to address growing threats to customer payment information. Companies that accept, process or receive payments should adopt it as soon as possible to prevent, detect and respond to cyberattacks that can lead to breaches. Version 3.1 will expire on 31 October 2016."


Key changes in PCI DSS 3.2 also include:
  • Revised Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) sunset dates as outlined in the Bulletin on Migrating from SSL and Early TLS
  • Expansion of requirement 8.3 to include use of multi-factor authentication for administrators accessing the cardholder data environment
  • Additional security validation steps for service providers and others, including the “Designated Entities Supplemental Validation” (DESV) criteria, which was previously a separate document

Topics
Information Security Program
Information Security Standards