
Version 3.2 of the PCI-DSS can be found here: https://www.pcisecuritystandards.org/document_library. Do the requirements described in this document reflect defense-in-depth? Why or why not?

Solution

See, if we were to discuss this in relation to defence in depth, let's make the things below crystal clear:

1. It is a "Defence" approach and does not guarantee any sort of assurance; more specifically, from a technical perspective, it helps to delay the vulnerability by maintaining protection (not prevention) mechanisms.

2. It could be subsumed into 3 broad categories of protection perspective: physical, technical and organisational.

After reading the requirements of PCI-DSS starting from page 19 in the document, I do favor it to be in sync with the "DiD" approach.

As per PCI-DSS requirements:

1. Build and Maintain a Secure Network and Systems: which is a DiD Technical controls measure whose purpose is to protect systems and resources.

2. Protect Cardholder Data: which is again a DiD Technical controls measure.

3. Maintain a Vulnerability Management Program: which is a DiD Organisational/Administrative controls measure.

4. Implement Strong Access Control Measures: which is a DiD PHYSICAL controls measure.

5. Maintain an Information Security Policy: which is again a DiD Organisational/Administrative controls measure.

Thus I do agree that PCI-DSS highlights the Defense-in-Depth approach.

Tutor: Dr Jack