Have you read the PCI Security Standards Council blog post with a version 3.2 Q&A with Chief Technology Officer Troy Leach yet?
Some of the highlights include:
What’s in 3.2?
- evaluating additional multi-factor authentication for administrators within a Cardholder Data Environment (CDE);
- incorporating some of the Designated Entities Supplemental Validation (DESV) criteria for service providers;
- clarifying masking criteria for primary account numbers (PAN) when displayed;
- the updated migration dates for SSL/early TLS that were published in December 2015
When will it be released?
- soon! March/April
Version 3.2 will become effective as soon as it’s published, and version 3.1 will be retired three months later to allow organizations to complete PCI DSS v3.1 assessments already under way. Keep in mind, though, that new requirements always have a sunrise date prior to them being effective.
Read the whole blog post for more info: http://blog.pcisecuritystandards.org/preparing-for-pci-dss-32
Ad below this line: