Aug 18 2008
It’s not comprehensive, but the PCI Standards Council has published a summary of the changes you should be expecting in version 1.2 of the PCI standards. A couple of the big changes I noticed at first read-through:
- WEP encryption will no longer be acceptable on new implementations as of March 31, 2009 and not acceptable anywhere as of June 30, 2010.
- Every OS must have AV (or a compensating controls worksheet to explain why you don’t have it).
- Patching will be risk-based rather than within 30 days.
- Plenty of other clarifications and updates.
According to this document, the full release is due October 1, 2008. This is only a few pages long and worth taking the 10 minutes to read.