Information Security News mailing list archives
Critiquing the New Version of PCI-DSS
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 11 Nov 2013 06:31:31 +0000 (UTC)
http://www.bankinfosecurity.com/critiquing-new-version-pci-dss-a-6208

By Tracy Kitten
Bank Info Security
November 8, 2013

Security experts say they're pleased with many of the changes and additions in this year's update to the Payment Card Industry's Data Security Standard and the Application Data Security Standard. But they also note some glaring omissions and express concern that neither standard has much enforcement action behind it.
What they like about version 3.0 of the two standards, the first update since 2010, is the greater emphasis on third-party and payments processing risks and more stringent security requirements for payment application developers. What they don't like, however, is the update's lack of security requirements for mobile payments and specific strategies for governance of ongoing risk assessments and compliance enforcement.
The new versions of the two standards were issued Nov. 7, but they don't take effect until January and they won't be enforced until 2015 (see PCI Update: Focus on Third-Party Risks).
[...]