Qualys Blog


PCI DSS 1.2 Spec Released


PCI DSS 1.2 represents an update to the original 12 requirements found in PCI DSS version 1.1. The intent of the latest specification is to clarify existing requirements and to allow flexibility in how the standard is interpreted.

  • Guidance on the scope of PCI DSS, with elaboration on segmentation of the cardholder data environment
  • Clarification of wireless technology requirements and a sunset date for the use of WEP: all WEP implementations must be discontinued as of June 30, 2010
  • Clarification of requirement 6.6 for web application security, removing references to source code review and adding the use of automated assessment tools
  • A requirement that employees who interact with cardholder data review and accept the security policy annually
  • Compensating controls should now be reviewed and validated annually by a qualified assessor
  • Flexibility for incorporation of evolving technologies and threats
  • Announcement of Quality Assurance program for assessors


Related Coverage:
Credit-Card Security Standard Issued After Much Debate, by Ellen Messmer, Network World
Payment Card Security Toughens With DSS 1.2 Release, by Jabulani Leffall, Redmond
