To quote the blog, the SSC is evaluating additional multi-factor authentication for administrators within a Cardholder Data Environment (CDE); incorporating some of the Designated Entities Supplemental Validation (DESV) criteria for service providers; clarifying masking criteria for primary account numbers (PAN) when displayed; and including the updated migration dates for SSL/early TLS that were published in December 2015.
The introduction of multi-factor authentication for administrators may pose some challenges in environments where there are both administrative and application users on systems such as mainframes, where web-based administrative interfaces are available, or where segmentation has existed between in-scope and out-of-scope networks but the out-of-scope network has not been considered ‘remote’. These will be interesting topics to discuss further in the coming months.
Once we have additional information, we will inform you. Subscribe to the blog in the right column for updates.
Useful links:
Preparing for PCI DSS v3.2: http://blog.pcisecuritystandards.org/preparing-for-pci-dss-32
Designated Entities Supplemental Validation (DESV) criteria for service providers: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3_DESV.pdf
Date Change for Migrating from SSL and Early TLS: http://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls