
According to a summary of the changes released by the PCI Security Standards Council (PCI), the changes include clarifications and explanations of requirements to adhere to the guidelines of the Council.
In a statement, the PCI said, “These clarifications will eliminate existing redundant sub-requirements while improving scoping and reporting requirements.
When version 1.2 is released, incorporating existing best practices, supporting documents will also be updated and consolidated.”
According to a notice posted on the PCI website, “Version 1.2 of the PCI DSS is a revision to the standard that does not introduce any new requirements.
Therefore, version 1.2 will become effective immediately upon public release, currently scheduled for October 1, 2008. The sunset date for version 1.1 has not yet been determined, but will be at a minimum three months after the publication date.”
Bob Russo, general manager, PCI Security Standards Council, said in a statement, “Version 1.2 should be seen as an improvement, not a departure from tried and true best security practices. By distributing a summary of the forthcoming changes, we are ensuring that stakeholders are not taken by surprise by any of the clarifications.”
See original article on scmagazineus.com