Get Ready for PCI 3.0 - SANS Internet Storm Center

SANS ISC InfoSec Forums

Get Ready for PCI 3.0
RIght on schedule (see their lifecycle doc at https://www.pcisecuritystandards.org/pdfs/pci_lifecycle_for_changes_to_dss_and_padss.pdf), the folks at PCI DSS have released a "what to expect" document for PCI 3.0. I'm a bit late commenting on this - somehow I missed this when it was posted in August. Specifically called out in the doc are: Lack of education and awareness Weak passwords, authentication Third-party security challenge Slow self-detection, malware Inconsistency in assessments The change document is here: https://www.pcisecuritystandards.org/documents/DSS_and_PA-DSS_Change_Highlights.pdf It'll be interesting to see what the final document will look like when it's released in November, and what happens when QSA's turn the PCI guidance into audit findings and recommendations. ============== Rob VandenBrink Metafore	Rob VandenBrink 515 Posts ISC Handler
Subscribe	Sep 5th 2013 5 years ago