Version 3.0 Changes

As with all key security standards, PCI-DSS publish updates to their standards, to counter security threats and keep up with ever-changing technology. We have highlighted some of the key changes introduced with this version :-

  • New requirement for network diagrams that shows current cardholder data flow
  • New requirement to ensure that anti-virus solutions are actively running and cannot be disabled or altered by users unless specifically authorized by management on a per-case basis
  • Combined minimum password complexity and strength requirements into single requirement, and increased flexibility for alternatives that meet the equivalent complexity and strength
  • Clarified the requirement for remote vendor access applies to vendors who access, support or maintain system components, and that it should be disabled when not in use
  • Clarified requirement for two-factor authentication applies to users, administrators, and all third parties, including access for support or maintenance
  • New requirement for service providers with remote access to customer premises, to use unique authentication credentials for each customer
  • New requirement to maintain information about which PCI DSS requirements are managed by each service provider and which are managed by the entity and new requirement for service providers to provide the written agreement/acknowledgement to their customers as above

Please call 01993 623 010 to find out how Whitehelm can help you with the security challenges you are facing or further enhance your current PCI DSS solution or e–mail sales@whitehelm.com