The Prioritized Approach is now updated for 3.1
“Prioritized Approach for PCI DSS Version 3.1” is still a PDF doc that introduces the concept.
And the “Prioritized Approach Tool Version 3.1” is still a (edit password protected!) Microsoft Excel worksheet.
The only differences I have noted so far in the worksheet tool from Nov 2014 V3 are:
- Column A width is reduced. (More scrolling now!)
- Requirement 6.5.6 does not call out requirement 6.5.10 (broken authentication session management) as being applicable to web apps and application interfaces.
- V3.1 has an extra row (row 92) to remind us that requirements 6.5.1 through 6.5.6 apply to all applications (internal and external)
- Rebecca Watris is added as author in the metadata.
- and of course, SSL/TLS clarification in requirements 2.2.3 and 2.3.
Just housekeeping? Let me know what I missed.
Ad below this line: