By Natasja Bolton, Senior Acquirer Support
The Prioritised Approach for PCI DSS, has been updated by the PCI Council to reflect the updated PCI DSS version 3.2. As most of you will know, the Prioritised Approach and its associated Excel Tool offers a risk-based, incremental approach to PCI DSS compliance. It defines six security milestones to aid merchants and other organisations identify and prioritise activities based on their highest risks.
The v3.2 release of the Prioritised Approach has retained the milestone approach incorporating the new PCI DSS requirements into the six milestones. It has also made changes to the assigned milestones for some existing requirements to reflect the evolving risk environment.
The changes
Type of Change | Details |
New Requirements
|
Applicable to All Entities:
Applicable to Service Providers Only:
|
Milestones Changes |
|
We understand that many of you use the Prioritised Approach Tool as a reporting and status tracking mechanism for your Level 1, Level 2 and managed merchants. It is, therefore, important you make sure that your customers have been notified not only of the release of PCI DSS v3.2 and the October demise of PCI DSS v3.1 but also of the release of the associated Prioritised Approach Tool.
Many merchants may continue using the v3.1 version of Prioritised Approach because they are aiming to achieve PCI DSS compliance before PCI DSS v3.1 is retired. However, for those whose planned compliance date is beyond that, Sysnet recommend that they are made aware of the availability of the v3.2 Prioritised Approach Tool so that they can build a complete picture of their compliance status against the v3.2 Standard.
This will help them to start their planning to achieve the new best practice requirements well in advance of the 2018 deadline (January 31, 2018 when the new requirements introduced with PCI DSS v3.2 become mandatory).
For a simpler and more manageable route, Sysnet has incorporated the Prioritised Approach milestones into Sysnet.air our security and compliance platform. The latest release of Sysnet.air enables acquirers to easily track and monitor the progress of their customers and upload the documentation as they traverse their PCI DSS compliance journey. For more information request a call back or contact info@sysnetgs.com