Nine new PCI DSS requirements will become required as of February 1, 2018. Until February 1, 2018, they will be considered best practices. While there are only nine new items, they could have a significant impact on your environment. If you have not already started to work on these items, you are likely already behind. In this webinar, Jeff Wilder will discuss how to prepare for and implement these requirements.
The new PCI DSS requirements for everyone include:
- 6.4.6 – Upon completion of a significant change, all relevant PCI DSS requirements must be implemented on all new or changed systems and networks, and documentation updated as applicable.
- 8.3.1 – Incorporate multi-factor authentication for all non-console access into the CDE for personnel with administrative access.
The new PCI DSS requirements for service providers include:
- 3.5.1 – Maintain a documented description of the cryptographic architecture.
- 10.8 – Implement a process for the timely detection and reporting of failures of critical security control systems.
- 10.8.1 – Respond to failures of any critical security controls in a timely manner.
- 220.127.116.11 – If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes to segmentation controls/methods.
- 12.11 – Perform reviews at least quarterly to confirm personnel are following security policies and operational procedures.
- 12.11.1 – Maintain documentation of quarterly review process.