Recent Updates RSS

Where a future-dated requirement has not yet been implemented by an entity and the Report on Compliance (ROC) or Self-Assessment Questionnaire (SAQ) is completed prior to the effective date of …

No. The period for which an entity's PCI DSS assessment result is valid does not change if the standard against which the entity was assessed has been retired. However, how …

Yes. However, regardless of how the QSA obtains evidence to support a PCI DSS assessment, the QSA conducting the PCI DSS assessment has the ultimate responsibility for their client's assessment …

No, due to the variability of scope coverage and assessor validation procedures, a QSA cannot rely on reports from other attestation engagements (like SOC 2 or SOC 3) for a …

Compliance questions, including questions about whether it is acceptable to submit a PCI DSS v3.2.1 assessment report after that standard’s retirement date of 31 March 2024, should be directed to …

Hello and welcome to Coffee with the Council. I’m Alicia Malone, Senior Manager of Public Relations at the PCI Security Standards Council. This month, we begin the election phase …

In this new video series, Emma Sutcliffe, SVP Standards, answers the payment industry’s questions about PCI DSS v4.0. Questions include:

• What are the first steps organizations should …

Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. Today, we'll reflect on the accomplishments …

From now through 17 February 2023, PCI SSC Participating Organizations are invited to vote on proposals for the PCI SSC 2023 Special Interest Group (SIG) project.

The PCI SSC Global Content Library is now available! The PCI SSC Global Content Library is home to hours of video content from our Global Community Events, covering topics on …