Four years ago I wrote about changes between versions of the PCI DSS with an example of subtlety from Requirement 10.7. This came up again today, so here’s an updated table:
| DSS 1.0 | DSS 1.1 | DSS 1.2 | DSS 2.0 |
| An audit history usually covers a period of at least one year, with a minimum of 3 months available online. | Retain audit trail history for at least one year, with a minimum of three months online availability. | Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up). | Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up). |