Several people have asked me about the change history of the Payment Card Industry Data Security Standard (PCI DSS). In a nutshell, the changes have been minor.
The exception in the latest version (DSS 1.2) is Requirement 6, which introduced significant changes to web application security.
Requirement 10.7 provides a good example of the subtlety found in most other areas:
| DSS 1.0 | DSS 1.1 | DSS 1.2 |
| --- | --- | --- |
| An audit history usually covers a period of at least one year, with a minimum of 3 months available online. | Retain audit trail history for at least one year, with a minimum of three months online availability. | Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up). |