![CarmeloWalsh[.]com](https://www.carmelowalsh.com/wp-content/themes/twentyten/images/headers/sunset.jpg)
PCI DSS 3.2 is officially published
Here is the summary:
Multi-factor authentication will be required for all administrative access into the cardholder data environment.
The “Designated Entities Supplemental Validation” (DESV) – a set of steps that tell an entity how they can meet PCI DSS requirements – have now been incorporated into the standard.
Migration from SSL and TLS v1.0 to TLS v1.1 and higher must be performed by July 1, 2018
Service providers get several new requirements, such as maintaining a documented description of the cryptographic architecture and reporting on failures of critical security control systems, establishing responsibility for protection of cardholder data and the PCI DSS compliance program, regular penetration testing on segmentation controls, proving that its top executives have an understanding of PCI DSS compliance
Summary of Changes Document
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2_Summary_of_Changes.pdf
Full Data Security Standard
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2.pdf
