I feel this section of the official online curriculum contains outdated information.
It is referencing PCI DSS 3.11. We are now on PCI DSS 4.0.1.
And the requirements have since changed regarding data retention between 3.11 and 4.0.1.
Therefore, may I please request that this section of the CCSP official online curriculum be updated to reflect the change?
The new requirements are under section 3.2 of PCI DSS 4.0.1 as shown in the second document image:
“Account data is retained only when necessary and for the least amount of time needed and is securely deleted or rendered unrecoverable when no longer needed.” … “To define appropriate retention requirements, an entity first needs to understand its own business needs as well as any legal or regulatory obligations that apply to its industry or to the type of data being retained.”
Thank you for your consideration.
I wonder if there is a typo in the statement below.
Where it says conversely, should the word following it be the word ‘unstructured’ instead of ‘structured’?
