Posted by John Kindervag on August 13, 2010
The PCI Security Standards Council released the summary of changes for the new version of PCI — 2.0. Merchants, you can quit holding your breath as this document is a yawner — as we’ve long suspected it would be. In fact, to call it 2.0 is a real stretch as it seems to be filled — as promised by earlier briefings with the PCI SSC — merely with additional guidance and clarifications. Jeff, over at the PCI Guru, has a great review of the summary doc so I won’t try to duplicate his detailed analysis. The most helpful part of the doc is an acknowledgement that more guidance on virtualization — the one function per server stuff — will finally be addressed.
Suffice it to say, it doesn’t look good for all those DLP vendors looking for Santa Compliance to leave them a little gift under the tree this year. I’ve been hearing hopeful rumors (that I assume start within the bowels of DLP vendor marketing departments) that PCI would require DLP in the next version. Looks like it’s going to be a three year wait to see if Santa will finally stop by their house.
Remember that this is a summary of changes so there’s not that much meat yet. The actual standard will be pre-released early next month with the final standard coming out after the European Community Meeting in October.
Search Forrester's Blogs
Free Mobile Mind Shift Webinar Series
Learn how to win your customers' mobile moments in this three-part series »
Free On-Demand and Live Events
Latest events from Forrester analysts, online and in person. »