PCI DSS Requirement 10.7 History

Several people have asked me about the change history of the Payment Card Industry Data Security Standard (PCI DSS). In a nutshell, change has been minor.

The exception in the latest version (DSS 1.2) is Requirement 6, which added significant changes to web application security.

Requirement 10.7 provides a good example of the subtlety found in most other areas:

Requirement 10.7:

DSS 1.0: An audit history usually covers a period of at least one year, with a minimum of 3 months available online.

DSS 1.1: Retain audit trail history for at least one year, with a minimum of three months online availability.

DSS 1.2: Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up).
