What Are the New PCI 3.0 Requirements?


By Sarah Morris, KirkpatrickPrice

Are you aware of the changes to PCI 3.0? The Payment Card Industry (PCI) Council has developed new changes to the PCI DSS requirements by asking one question: What will improve payment security?

While the core 12 security areas will remain the same, several new sub-requirements have been implemented for increased clarification and understanding.

What are the biggest changes being made to PCI DSS 3.0?

  1. Penetration Testing Requirements – The new penetration testing requirements include an implemented penetration test to verify that the controls used to segment the environment are operational and effective.
  2. Service Provider Responsibilities – By emphasizing that security is a shared responsibility, the council has further defined the responsibilities of service providers such as providing written vendor acknowledgement for each DSS requirement for which they are responsible.
  3. Password Requirements – Enhanced awareness to ensure password security is due to the fact that unchanged default passwords are a common cause of data compromises. Password security is one of the first building blocks in securing your environment.

You can download the full list of new requirements here (PCI-DSS-3.0 requirements). Let me know if you would like to learn more about these new changes and how they affect you.

Leave a Comment