Interesting Tidbits Out Of The PCI European Community Meeting Assessors Session

Usually the European Community Meeting uneventfully passes because everyone reads the slide decks, Twitter feeds and feedback from the North American CM.  However, with the cancellation of this year’s North American CM due to Hurricane Irma, that gave the EU CM the spotlight.

While we will all get the slide decks (and supposedly videos) via the portal, here are some interesting tidbits from the Assessors Session in Barcelona thanks to Yves Desharnais who attended the EU CM.

  • Emma Sutcliffe confirmed that the next major revision, i.e., v4.0, of the PCI DSS and PA-DSS are slated for a 2019 release (obviously barring any dramatic change in threats/attacks).
  • Emma also confirmed that there could be a “point” release, i.e., v3.3, of the PCI DSS and PA-DSS in 2018 to clean up errors and the like such as was with 3.1 and 3.2. Maybe while they are at it they can fix the ROC Reporting Template so that it does not cause Word to do strange things.
  • Jeremy King stated that the situation with SSL and Early TLS may be revisited before June 30, 2018. Apparently, the feedback from POI service providers and others are causing them to revisit that situation.

Now we are all in the know.

UPDATE – 12/07/2017 – According to the Quarterly QSA Webinar today, the next release of the PCI DSS and PA-DSS are expected in 2019. Also discussed was the fact that the SSL/Early TLS deadline is still June 30, 2018.


6 Responses to “Interesting Tidbits Out Of The PCI European Community Meeting Assessors Session”

  1. 1 Robert
    November 1, 2017 at 10:58 AM

    If you have feedback about the PCI DSS And PCI PA-DSS, there is a RFC open at the moment (until November 15th, 2017) to comment to the PCI SSC about these two standards. Maybe your comments will make it in a changes in the v3.3 or v4.0. Participate!

  2. 3 RolandA
    October 29, 2017 at 8:46 AM

    Thank you for the notes!
    (However, Jeremy King wasn’t present at the assessor session)

    • October 29, 2017 at 8:56 AM

      I went back and reviewed the note I got from my friend who did attend. Hard to say given how his notes are written if this is related to an earlier session. Regardless, apparently Jeremy made a comment at some point at the EU CM about SSL/Early TLS.

  3. October 26, 2017 at 4:53 PM

    I’m about to head home, else I would have laid a large rant right here, right now. I might tomorrow.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Welcome to the PCI Guru blog. The PCI Guru reserves the right to censor comments as they see fit. Sales people beware! This is not a place to push your goods and services.

October 2017

%d bloggers like this: