A screenshot from the Trustwave webinar on the new PCI DSS 2.0 standard
(WEB HOST INDUSTRY REVIEW) — Payment card industry compliance solution provider Trustwave (www.trustwave.com) announced on Friday that it supports the updated version 2.0 of the Payment Card Industry Data Security Standard and Payment Application Data Security Standard.
The new version of the standards includes clarifications of existing requirements, says Trustwave, as well as new guidance and changes to evolving requirements.
“After a thorough review of both the PCI DSS and PA DSS, we noted there were no significant changes that would adversely affect our compliant customers or customers in process to become compliant,” said Robert J. McCullen, chairman and CEO of Trustwave, in a statement. “We stand behind the decisions made by the Council and believe this new version will help further secure payment data.”
In announcing its support for the new standards, Trustwave offered an evaluation of the key points for compliant organizations to attend to.
For PCI DSS 2.0, the key changes included: clarifications to an organization’s responsibilities regarding the scoping of the cardholder data environment; and new sources for guidance related to secure coding for non-web based applications.
For PA DSS 2.0, key changes included: new requirements for facilitating centralized logging; clarification of rules relating to storage of cryptographic material; and the merging of requirements 10 and 11.
“We are pleased to see the changes focused on alignment of PCI and PA DSS as well as the elimination of redundant requirements,” says James Paul, senior vice president of delivery at Trustwave, quoted in the announcement. “The changes will help clarify the relationships and demarcation between PCI and PA DSS assessments.”
The changes to both standards take effect January 1, 2011, with the sunset period for existing standards lasting until December 31, 2011.
Trustwave has posted a webinar “PCI DSS 2.0: What can you Expect?” on its website.
About Liam Eagle
Liam Eagle has worked as a contributor to the Web Host Industry Review since its inception in 2000, and as editor since 2003. He has been editor of the WHIR's print magazine since its launch. His daily involvement in the gathering and reporting of Web hosting news and his regular interaction with Web hosting leaders gives him an uncommonly broad appreciation of the issues and tends facing the business. Through his WHIR blog, Liam spots Web hosting trends and offers opinions on the industry-wide impacts of major developments and the motivation behind big announcements. Follow him on Twitter @liameagle
No related posts.
