The PCI Security Standards Council released a Summary of Changes document this morning without any fanfare. It gives a very high-level review of which Requirements will be modified and how. Here are the ones to watch:
1 Clarification of DMZ
3.2 Issuers and Authentication Data
3.6 Key Management
4.4 Centralized Logging for Payment Applications
6.2 Risk-based approach to Vulnerability Management
6.5 OWASP no longer the only standard for Web Security
10 and 11 (now combined)
12.3.10 Business justification for copy/move/store CHD