The latest changes across all tracked PCI resources.
The PCI Security Standards Council (PCI SSC) has released version 3.2 of the PCI Point-to-Point Encryption (P2PE) Standard, introducing important clarifications and updates based on industry feedback. P2PE v3.2 is …
No, Approved Scanning Vendors (ASVs) and Qualified Security Assessors (QSAs) are not considered third-party service providers (TPSPs) for purposes of PCI DSS Requirements 12.8 and 12.9, if an ASV or …
No.
Several PCI DSS requirements specify that a security activity is to be performed periodically or at a defined frequency. If an entity fails to perform the control on …
This episode of Coffee with the Council is brought to you by our podcast sponsor, Feroot.
Welcome to our podcast series, Coffee with the Council. I'm Alicia …
We are pleased to welcome the newest organizations that have joined as Associate Participating Organizations of the PCI Security Standards Council (PCI SSC). These organizations play a crucial role in …
Registration is now open for the PCI Security Standards Council’s 2025 Community Meetings! Register now and secure your experience filled with sessions led by industry experts, exciting keynotes, networking …
From 16 June to 18 July, eligible PCI SSC stakeholders are invited to review and provide feedback on the draft PCI Key Management Operations (KMO) v1.0 Standard during a 30-day …
PCI DSS Requirement 11.4.6 requires service providers that use segmentation to isolate the cardholder data environment (CDE) from other networks to perform penetration tests on those segmentation controls at least …
Yes. Card verification codes/values (e.g., CVV2, CVC2, CID, or CAV2) are commonly requested during card-not-present (CNP) transactions such as e-commerce or mail order/telephone order (MOTO) to help verify that the …
PCI DSS does not define a specific maximum or minimum length of time for which cardholder data can be stored. PCI DSS Requirement 3.2.1 requires entities to implement data retention …
