New changes in the Payment Card Industry Data Security Standard (PCI DSS) version 1.2 have been disclosed prior to its release in October.
According to a summary of the changes released by the PCI Security Standards Council (PCI), the modifications include clarifications and explanations of requirements to adhere to the guidelines of the council.
In a statement, the PCI said, “These clarifications will eliminate existing redundant sub-requirements while improving scoping and reporting requirements. When version 1.2 is released, incorporating existing best practices, supporting documents will also be updated and consolidated.”
According to a notice posted on the PCI website, “Version 1.2 of the PCI DSS is a revision to the standard that does not introduce any new requirements. Therefore, version 1.2 will become effective immediately upon public release, currently scheduled for [Oct. 1]. The sunset date for version 1.1 has not yet been determined, but will be at a minimum three months after the publication date.”
Bob Russo, general manager of the PCI Security Standards Council, said in a statement: “Version 1.2 should be seen as an improvement, not a departure from tried and true best security practices. By distributing a summary of the forthcoming changes, we are ensuring that stakeholders are not taken by surprise by any of the clarifications.”