The focus of the 1.1 revision has been to address questions about how
to implement the standard. The standard has been updated to provide
clarification to certain requirements and to give flexibility for
compensating controls for complex requirements such as data encryption.
These updates are designed to acknowledge partner and customer
feedback, along with technical compliance constraints, and foster rapid
adoption, while maintaining the robustness of the security measures in
the January 2005 version. Additional requirements have been added to
address emerging threats related to application security.

The Council has compiled a Summary of Changes describing the significant
differences between the two DSS versions; to read this document, click here.

When will the new version of the PCI Data Security Standard (version 1.1) become effective?

Version 1.1 of the PCI Data Security Standard became effective with the
launch of the PCI Security Standards Council. Some of the more complex
individual requirements contained in the new version of the standard
have built-in lead time for implementation.

Where can I get details of these requirements?

The PCI DSS version 1.1 and all supporting documentation can be found at www.pcisecuritystandards.org.