Version 1.0 (2004): Basic security requirements - Version 2.0 (2010): Enhanced scoping guidance, more specific testing requirements - Version 3.0 (2013): Penetration testing methodology requirements formalized - Version 3.2.1 (2018): MFA requirements expanded, penetration testing guidance updated -