PCI Standard 1.2 goes live today

Wednesday, October 1, 2008

Payment Card Industry Security standard today goes live with version 1.2 which some important changes. This revision was based on feedback from the corporations and it also incorporates some relaxation to the Security folks on Firewall rules review etc.

There are lot of speculations and questions when relating to terms and statements used in the old PCI standard which includes 1.1 and the PCI standard 1.2 tries to clarify the requirements rather than just beating around the bush and tells the companies what to do and what they expect. For eq.

1) Firewall rules can now be reviewed in 6 months rather than the current 3 months /quarter.
2) Then every Wireless implementation should be with WEP / WPA encryption.
3) Risk based approach to patch management rather than deadline patching.
4) Penetration testing can be done internally no need for external third parties (cost saving).
5) Policy to outline and keep a check on Managed Security Services providers.

The standard can be found at PCI Security Standards Website.

2 comments:

Rohit said...

many companies do pci just for the sake of compliance so that they can do business. so it was important for pci board to make it simple they had no choice

Rohit

Ani said...

I partially agree with you because most of the Large corps. CxO's I have come across support the implementation of Compliance because that is one way they can have more control over their IT environment and according to recent media reports you can see that CxO's are been made the scapegoat for data theft. So their attitude is changing about the Security Policies as well Compliance like PCI, SOX. Even they want to keep their jobs.

On the other side more than 80% Small to mid size businesses are the ones who just do it for compliance reasons and they are the only people who bitch about it.

The attitude towards security compliance is changing among corporates but it will surely take some more time and there is noway you can please people when you make them spend money which they think is just a piece of paper.

Anish

  © Blogger templates Newspaper by Ourblogtemplates.com 2008

Back to TOP