
SANS ISC: PCI DSS version 3.2.1 is out - SANS Internet Storm Center SANS ISC InfoSec Forums

PCI DSS version 3.2.1 is out

I know I can hear the collective groan out there. It is OK though: the changes in this release are few, and there are no real changes in the controls themselves. It just formalises those controls that were best practice until February 2018 and June 2018. These are now part of the requirements, so they can no longer be marked as Not Applicable.

What will you need to do? Not much really; you should have already implemented the controls that were best practice until earlier this year. The other deadline, for removing early TLS, is coming up. However, the majority of you will have already addressed this. If not, you will be non-compliant by July 1 2018.

The current standard 3.2 will be valid until December 31 2018, so you can still certify to it, but there isn't any real benefit to doing that. 

The standard can be downloaded from the council's website.  There is also a "these are the changes" document.   

Mark H - Shearwater


ISC Handler
May 18th 2018
