Monday, August 10, 2009

PCI DSS v1.2.1

Most of you know that NACUBO in partnership with the Treasury Institute is a participating organization in the PCI Council. One of the benefits to you is that we (meaning "you") get the latest news from the Council directly. One such example is the email I got today from the Council on version 1.2.1 of the PCI DSS.

I mention this only so that if you go to the Council's website and download some of the publications, you will see this new version number. Don't get too excited or concerned: there are no changes to the standard as detailed in the FAQ I received:

The move from version 1.2 to version 1.2.1 of the PCI Security Standards Council’s Data Security Standard (DSS) and Payment Application Data Security Standard (PA-DSS) signifies minor corrections designed to create more clarity and consistency among the standards and supporting documents. The changes are minor, for example; correcting spelling, eliminating redundant lines and updating language to synch with supporting documents.
[emphasis added] There are no additions to the requirements or to the intention of the standards. This change, and the creation of DSS, PA-DSS, and the PA-DSS Program Guide 1.2.1 is administrative in nature.

Each document has been updated with a table of changes on the front page illustrating precisely where the administrative updates have been made within the document.

Additional information in the Council's FAQ includes:

Should I revisit my compliance plans or implementation timelines?
As there are no changes to the intention or requirements of the DSS, your compliance programs will be unaffected by the change from DSS 1.2 to DSS 1.2.1

Do I need to do anything differently?
You should continue to work with your assessor on your current compliance program. There are no changes from v1.2 to DSS 1.2.1.

Does this change your plans to roll out the next version of the PCI DSS?
This will not affect the planned, public lifecycle of the DSS. We are currently in the feedback period of the lifecycle and encourage organizations to share feedback with us through the online feedback form, FAQ tool and direct email contact. The first feedback period runs until November 1st and incorporates both the US and European Community Meetings.

So...if you download any documents from the Council, don't be put off by the new version number.

No comments:

Post a Comment