On January 1, 2011, the Payment Card Industry (PCI) Data Security Standard (DSS) version 2.0 took effect. The new requirements represent a daunting task when it comes to improving an organization's existing security policies to include virtualized environments, policy governance, risk remediation, and 100% asset coverage.
The sheer volume of data required to scope, analyze, mitigate, certify, and finally maintain people, assets, data sets, and applications renders the traditional approach of continuous consulting in combination with Microsoft® Excel spreadsheets ineffective.
While the media has offered little detail on how significant the changes in PCI DSS 2.0 are and how they impact organizations that store, process, or transmit account data, the PCI Security Standards Council must have recognized the significance of these modifications, since it provided a timeline that allows organizations to work for a full year before having to demonstrate compliance with PCI DSS 2.0.
After all, when the PCI Security Standards Council initially introduced the changes to a group of 62 merchants, service providers, and retailers, it became immediately apparent that there was a need for clarification of several areas and recommendations on processes. The reaction of the participating organizations ranged from confusion to all-out panic. Performing PCI and CISP assessments along with helping many service providers, retailers, and e-tailers with remediation for the past several years gives Payment Software Company (PSC) a unique background to analyze and report on the release of any new PCI standard. This white paper will provide organizations required to comply with PCI DSS with the necessary insight and guidelines to understand PCI DSS 2.0.