Being PCI compliant is an integral part of running a business when you deal, in any way, with credit card information. Nettitude audit and assess both service providers and merchants, and we help them maintain compliance year to year. PCI-DSS v3.2 is changing; here is what you need to know.
From February 1st 2018 there are some pretty big requirement changes coming to the PCI-DSS regulation. Up until now, all of the changes listed below have been ‘best practices’; however, from next month there will be new requirements, so you need to make sure you’re still compliant.
The following changes to PCI-DSS v3.2 go live February 1st:
- Requirement 3.5.1 — Documented cryptographic architecture
- Requirement 10.8 — Detection and reporting of critical security controls failure
- Requirement 10.8.1 — Respond and document failures of any critical security controls
- Requirement 11.3.4.1 — Six-month penetration testing of segmentation controls
- Requirement 12.4.1 — Assign responsibility for PCI DSS compliance and create a PCI DSS charter
- Requirement 12.11.a — Six-month management review of policy and process compliance
- Requirement 12.11.1 — Documentation of the six-month management review
Here at Nettitude we want to make sure you’re ready for the changes, so if you need to know more about each requirement change and want to check if you’ll be PCI-DSS v3.2 compliant from February 1st, get in touch with us today. Our PCI services allow you to run through a full checklist of requirements and we’ll let you know if you meet them, and more importantly, what you need to do if you don’t.