Interesting Tidbits Out Of The PCI European Community Meeting Assessors Session

Usually the European Community Meeting uneventfully passes because everyone reads the slide decks, Twitter feeds and feedback from the North American CM.  However, with the cancellation of this year’s North American CM due to Hurricane Irma, that gave the EU CM the spotlight.

While we will all get the slide decks (and supposedly videos) via the portal, here are some interesting tidbits from the Assessors Session in Barcelona thanks to Yves Desharnais who attended the EU CM.

  • Emma Sutcliffe confirmed that the next major revision, i.e., v4.0, of the PCI DSS and PA-DSS are slated for a 2019 release (obviously barring any dramatic change in threats/attacks).
  • Emma also confirmed that there could be a “point” release, i.e., v3.3, of the PCI DSS and PA-DSS in 2018 to clean up errors and the like such as was with 3.1 and 3.2. Maybe while they are at it they can fix the ROC Reporting Template so that it does not cause Word to do strange things.
  • Jeremy King stated that the situation with SSL and Early TLS may be revisited before June 30, 2018. Apparently, the feedback from POI service providers and others are causing them to revisit that situation.

Now we are all in the know.

UPDATE – 12/07/2017 – According to the Quarterly QSA Webinar today, the next release of the PCI DSS and PA-DSS are expected in 2019. Also discussed was the fact that the SSL/Early TLS deadline is still June 30, 2018.

6 Responses to “Interesting Tidbits Out Of The PCI European Community Meeting Assessors Session”

  1. 1 Robert
    November 1, 2017 at 10:58 AM

    If you have feedback about the PCI DSS And PCI PA-DSS, there is a RFC open at the moment (until November 15th, 2017) to comment to the PCI SSC about these two standards. Maybe your comments will make it in a changes in the v3.3 or v4.0. Participate!

  2. 3 RolandA
    October 29, 2017 at 8:46 AM

    Thank you for the notes!
    (However, Jeremy King wasn’t present at the assessor session)

    • October 29, 2017 at 8:56 AM

      I went back and reviewed the note I got from my friend who did attend. Hard to say given how his notes are written if this is related to an earlier session. Regardless, apparently Jeremy made a comment at some point at the EU CM about SSL/Early TLS.

  3. October 26, 2017 at 4:53 PM

    I’m about to head home, else I would have laid a large rant right here, right now. I might tomorrow.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.


October 2017

Enter your email address to subscribe to the PCI Guru blog and receive notifications of new posts by email.

Join 2,422 other followers

%d bloggers like this: