Newsletter 1/2015
Within this newsletter we want to announce some information about the upcoming new versions of the PCI standard. The most important topics are:
1. P2PE new version 2.0 in preparation
2. Update v3.1 for PCI DSS and PA-DSS
P2PE Version 2 in final preparation!
The PCI Council announced for second quarter 2015 a new version v2.0 of the P2PE standard. the following adoptions and clarifications are expected:
- Domains restructured with focused intent and purpose, creating succinct compartmentalization, thereby easing compliance, assessment, and individual solution component validation (where applicable).
- The current hardware/hardware and hardware/hybrid standards have been merged into version 2.0.
- Removal of the majority of PIM (P2PE Instruction Manual) requirements into a PIM template, easing the preparation process for solution providers and enhancing PIM understanding and readability for merchants.
- Introduction of a new domain (Domain 4) for merchant-managed P2PE solutions, for large merchants that manage the encryption/decryption functions for their stores/shops.
PCI DSS and PA-DSS Revision v3.1, Update announced!
In order to address a few minor updates and clarifications and one impacting change, there will be a revision for PCI DSS and PA-DSS v3.0 in the very near future. The impacting change is related to several vulnerabilities in the SSL protocol. Because of this, no version of SSL meets PCI SSC’s definition of “strong cryptography,” and updates to the standards are needed to address this issue
The new version 3.1 is annpunced for first quarter of 2015 and shall become effective immediately.