Updated – Prioritised Approach for version 3.2 

Updated - Prioritised Approach for version 3.2 

By Natasja Bolton, Senior Acquirer Support


The Prioritised Approach for PCI DSS, has been updated by the PCI Council to reflect the updated PCI DSS version 3.2. As most of you will know, the Prioritised Approach and its associated Excel Tool offers a risk-based, incremental approach to PCI DSS compliance.  It defines six security milestones to aid merchants and other organisations identify and prioritise activities based on their highest risks.


The v3.2 release of the Prioritised Approach has retained the milestone approach incorporating the new PCI DSS requirements into the six milestones.  It has also made changes to the assigned milestones for some existing requirements to reflect the evolving risk environment.


Webpage URL

Find out more about our PCI DSS compliance services by clicking the button below


The changes
Type of Change Details
New Requirements


Applicable to All Entities:

  • PCI DSS Requirement 8.3.1 assigned as Milestone 2
  • Appendix A2 Requirements assigned as Milestone 2
  • PCI DSS Requirement 6.4.6 assigned as Milestone 6

Applicable to Service Providers Only:

  • PCI DSS Requirement assigned as Milestone 2
  • PCI DSS Requirement 10.8 and 10.8.1 assigned as Milestone 4
  • PCI DSS Requirement 3.5.1 assigned as Milestone 5
  • PCI DSS Requirement 12.4.1 assigned as Milestone 6
  • PCI DSS Requirement 12.11 and 12.11.1 assigned as Milestone 6
Milestones Changes
  • PCI DSS Requirement 2.2.3 moved from Milestone 3 to Milestone 2
  • This is the requirement for businesses using any insecure services, protocols or daemons, to have additional security features in place
  • PCI DSS Requirement 8.1 and 8.2 and all sub-requirements moved from Milestone 4 to Milestone 2
  • These are the requirements for user authentication and identification management, including unique IDs, account management, account lockout and password parameters


We understand that many of you use the Prioritised Approach Tool as a reporting and status tracking mechanism for your Level 1, Level 2 and managed merchants.  It is, therefore, important you make sure that your customers have been notified not only of the release of PCI DSS v3.2 and the October demise of PCI DSS v3.1 but also of the release of the associated Prioritised Approach Tool.


Many merchants may continue using the v3.1 version of Prioritised Approach because they are aiming to achieve PCI DSS compliance before PCI DSS v3.1 is retired. However, for those whose planned compliance date is beyond that, Sysnet recommend that they are made aware of the availability of the v3.2 Prioritised Approach Tool so that they can build a complete picture of their compliance status against the v3.2 Standard. 


This will help them to start their planning to achieve the new best practice requirements well in advance of the 2018 deadline (January 31, 2018 when the new requirements introduced with PCI DSS v3.2 become mandatory).


For a simpler and more manageable route, Sysnet has incorporated the Prioritised Approach milestones into Sysnet.air our security and compliance platform. The latest release of Sysnet.air enables acquirers to easily track and monitor the progress of their customers and upload the documentation as they traverse their PCI DSS compliance journey. For more information request a call back or contact info@sysnetgs.com


Like this Article?

Subscribe to receive more tips & news about Cyber Security, Compliance and a lot more!

  • Sysnet Global Solutions will use the information you provide on this form to be in touch with you regarding non-promotional as well as promotional material by email and phone. If you agree to same, then please select the ‘I consent’ box after reading the terms and conditions listed below in relation to consent. You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, update your preferences for communications, content etc. by clicking on the update my preferences button in any email we send you or by contacting us at marketing@sysnetgs.com We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms. We use Pardot as our marketing automation platform. By clicking below to submit this form, you acknowledge or agree that the information you provide will be transferred to Pardot for processing in accordance with their Privacy Policy and Terms