The PCI Security Standards Council announced today the release of draft for a new standard for payment application software; the Payment Application Data Security Standard (PA-DSS).
“A preliminary draft of this standard has been distributed to the Council’s Board of Advisors, participating organizations, Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) for their feedback. The Council will incorporate this feedback and publish a final version of the PA-DSS in the first quarter of 2008.”
PA-DSS is reportedly based on Visa’s Payment Application Best Practices (PABP).
It is important to note that the press release indicates, “Internally developed applications by merchants and others are not subject to PCI PA-DSS but are subject to PCI DSS.”
You can see a frequently asked questions (FAQ) about PA-DSS here.
“The Council has distributed a preliminary version of the PA-DSS for feedback from the PCI SSC Board of Advisors, participating organizations, QSAs and ASVs. A final version of the PA- DSS is expected to be published in the first quarter of 2008.”
I want to see the proposed standard! Do you?
Anyone who wants to see the draft and be able to provide input is required to join the PCI Security Standards Council as a participating organization. “Non-members will not have access to the preliminary draft, but may submit generic questions and comments on the Council’s Web site www.pcisecuritystandards.org.”
I’ll be looking into this more in the near future…
Tags: awareness and training, Information Security, IT compliance, PA-DSS, PCI DSS, PCI Security Standards Council, policies and procedures, privacy, risk management, security training