Niffty on Flickr - http://flickr.com/photos/nealf/

From Branden Williams (Verisign):

“[...] Seriously though, are you ready? Version 1.1 has been around for over two years now (birthday was September 7, 2006), and by now you should have been able to validate as compliant to that version of the standard. If you are still struggling with 1.1, there is good news along with the bad. [...]”

Linked to it before, but here it is again: PCI DSS 1.2 summary of changes.

For us in the AV business, the primary news is:

Requirement 5: Use and regularly update anti-virus software
- Clarified that requirement for use of anti-virus software applies to all operating system types
- Clarified that anti-virus software must address all known types of malicious software

Feels nice that they declare more directly that anti-virus (an incorrect term, according to me) should be able to detect all types of malicious software. That is, they have to be Anti-Malware products (which is the “correct” term).


2 comments


We have a detailed review of the changes in PCI DSS v1.2 online: http://pcianswers.com/2008/10/01/pci-dss-version-12-differences-and-updates/

Thanks Mike, I’ll have a look at it!