IT Compliance in 2010
January 8, 2010
By Sean Inman, Security & Compliance Professional

Since I took the time to provide security predictions for 2010 yesterday, today I decided to provide some information on IT Compliance in 2010. As always, I welcome your comments; that’s what makes blogs interesting to read, and I like to hear your thoughts as well.

In 2010, regulatory mandates and standards such as PCI DSS, HIPAA/HITECH and many others will set the tone for security activities. In fact, I bet more organizations will base their security programs on PCI DSS, which is good and bad. Good because it’s better than nothing, bad because it’s simply a baseline. I also think that PCI DSS will continue to require more to comply with, and organizations will continue to criticize the standards because of requirements.

2010 will also bring a new version of the PCI DSS standard, which will also bring more controversy and questions for the council to answer or justify. There are also some 2010 deadlines mandated by Visa that we all need to remember, and they are:

 

  1. 3/31/2010 - U.S. Level 1 and Level 2 Merchants Prohibited Data Retention Attestation Deadline
  2. 7/1/2010 - TDES Mandate - All U.S. POS PEDs must be encrypting PINs using TDES end-to-end
  3. 7/1/2010 - All attended POS PIN acceptance device models must have passed testing by a PCI-recognized or Pre-PCI recognized laboratory and have been approved by Visa
  4. 7/1/2010 - U.S. Payment Application Security Mandate - Phase 5. (Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications).

 

 

 

Copyright ©2009 The Compliance Authority, Inc.