To minimize changes to the standards, the PCI Security Standards Council (PCI SSC) has established a lifecycle approach for PCI DSS and PA-DSS, where major version changes to the standards will occur every 3 years (for example, an update from version 2.0 to version 3.0). To ensure organizations have enough time to transition to a new standard without falling out of compliance, the previous version will remain active for 14 months after a major version of the standard is published. This ensures a gradual, phased introduction of any updated requirements, and helps to prevent organizations from becoming noncompliant when changes are published. The 3-year standards lifecycle also allows for changes “out-of-cycle” as needed to address critical issues or errata. To ensure that organizations can maintain compliance with updated versions of the standards, new requirements may be phased in with future effective dates.
February 2008
Article Number 1176