Council announce PCI DSS V3.2 update

The threat landscape has changed considerably over the last few months: vulnerabilities such as POODLE severely undermined what were considered to be strong cryptographic protocols.


Though it’s been less than a year since the last version of the Payment Card Industry Data Security Standard (PCI DSS) was released, the PCI Security Standards Council have announced that they will be rolling out version 3.2 of PCI DSS between March and April of this year in order to address these vulnerabilities.


The council have stated that the new standard will largely focus on improvements that include:


Preparation for the updated standard

The new version will be effective as soon as it is published, with version 3.1 being phased out over a three-month period to allow organisations that have PCI DSS v3.1 assessments currently underway to complete them.


It is therefore essential that organisations stay abreast of the release of v3.2 so that they find out the details of the new and updated requirements as soon as possible, maximising the time available to them to achieve compliance with the new standard.


Sysnet notes, however, that, as was the case when Requirement 9.9 was introduced with v3.0, any new requirements will be considered best practices for a sunrise period, which will be based on the release date of v3.2. This sunrising of the new requirements will give organisations further time in which to assess their implications and plan for their implementation.


As an example, for Requirement 9.9, that sunrise period was 17 months from the release of v3.0.

