6 PCI DSS Best Practices to Become Requirements in 2018

InOrder ERPVersion 3.2 of the PCI DSS requirements was published in 2016, but several items are considered best practices until January 31, 2018. On February 1, 2018, they become requirements. One is for everyone meeting PCI DSS requirements, while the rest are for service providers.

Following are the best practices that become requirements on February 1, 2018.

Requirement 6.4.6 is for everyone meeting PCI DSS requirements. Whenever you implement a significant change to your system/network, verify that all appropriate PCI DSS controls are applied where needed, and update your documentation to reflect the change.

Requirements for Service Providers

  • Document your cryptographic architecture (Requirement 3.5.1).
  • Have a process to detect and report failures of critical security control systems. See PCI DSS Requirements 10.8 and 10.8.1 for examples of failures and what processes must include to respond to security control failures in a timely manner.
  • If segmentation is used to isolate the CDE from other networks, perform penetration testing on segmentation controls/methods at least every six months and after any changes to them (Requirement
  • Executive Management must assign responsibilities and define a charter to maintain PCI DSS compliance. PCI DSS Requirement 12.4.1 provides details about what the compliance program must include, and who is considered “executive management.”
  • Perform reviews at least quarterly to confirm personnel are following security policies and operational procedures, and document the results of those reviews (Requirements 12.11, 12.11.1).

Please refer to PCI DSS for your responsibilities under these requirements. If you have specific questions relating to your responsibilities for PCI DSS compliance, please direct them to your Qualified Security Assessor (QSA).


Share on FacebookShare on LinkedInTweet about this on TwitterShare on Google+Email this to someone

No Comments

Leave a response

1 (888) 667-7332

Contact Us

Literature Downloads


Corporate Headquarters
Morse Data Corporation
16 Pierce Street
Dover, NH 03820
Toll Free: (888) 667-7332
Phone: (603) 742-2500
Fax: (603) 742-8178
Technical Offices
Morse Data Corporation
9661 W. 143rd St. Suite 200
Orland Park, IL 60462
Toll Free: (800) 860-9515
Phone: (708) 873-0010
Fax: (708) 873-9967