A minor revision to the PCI Data Security Standard (PCI DSS) will be published next month. The new version number will be PCI DSS v3.2.1. The revision is necessary to account for dates that have already passed, such as the February 1, 2018 effective date for new requirements introduced in version 3.2 and the Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) migration dates. There will be no new requirements in this revision. This revision to PCI DSS will not affect the Payment Application Data Security Standard (PA-DSS), which will remain at v3.2.
Here’s a preview of the minor updates stakeholders can expect in PCI DSS v3.2.1:
- Remove notes referring to an effective date of February 1, 2018 for applicable requirements, as this date has passed.
- Update applicable requirements and Appendix A2 to reflect that only POS POI terminals and their service provider connection points may continue using SSL/early TLS as a security control after June 30, 2018.
- Fix minor typographical errors, punctuation and format issues.
The feedback received from Participating Organizations and assessors during the formal PCI DSS feedback period at the end of 2017 is currently being reviewed and considered for the next major release of the PCI DSS. As with any standard release, we will keep PCI SSC stakeholders informed about this process and about what they can expect in terms of the types of changes and the timing of publication.