PCI Watch - Tracking changes across the Payment Card Industry

📘 PCI SSC Document Library Software Security Updated 2021-02-18T12:00:00+00:00

Secure SLC Report on Compliance (ROC) Template

Updated version published, replaces version from 2019-09-01T12:00:00+00:00

📘 PCI SSC Document Library Software Security Updated 2021-02-18T12:00:00+00:00

Secure SLC Attestation of Compliance (AOC)

Updated version published, replaces version from 2020-03-06T12:00:00+00:00

📘 PCI SSC Document Library Software Security Updated 2021-02-18T12:00:00+00:00

Secure SLC Program Guide

Updated version published, replaces version from 2019-06-01T12:00:00+00:00

📘 PCI SSC Document Library Software Security New 2021-02-18T12:00:00+00:00

Secure SLC Standard Summary of Changes

📘 PCI SSC Document Library Software Security Updated 2021-02-18T12:00:00+00:00

Secure SLC Standard

Updated version published, replaces version from 2019-01-01T12:00:00+00:00

📣 PCI SSC Communications Press Release New 2021-02-18T04:01:00+00:00

PCI Security Standards Council Publishes Version 1.1 of Secure Software Lifecycle (SLC) Standard and Program

📣 PCI SSC Communications Media New 2021-02-18T04:01:00+00:00

PCI Secure SLC Program Expands Vendor Eligibility with Version 1.1

via unifiedguru.com

📣 PCI SSC Communications Press Release New 2021-01-19T04:01:00+00:00

PCI Security Standards Council Announces 2021-2022 Advisory Board

❓ PCI SSC FAQs FAQ #1491 New 2021-01-13T20:01:00+00:00

Does PCI DSS define which versions of TLS must be used?

No. However, PCI DSS does not consider SSL or early TLS to be strong cryptography. Transport Layer Security (TLS) is a protocol that encrypts traffic between two endpoints to provide …

📘 PCI SSC Document Library PTS Updated 2021-01-01T08:00:00+00:00

HSM Security Requirements Modifications: Summary of Changes

Updated version published, replaces version from 2016-06-01T12:00:00+00:00

📣 PCI SSC Communications Industry Bulletin New 2020-12-17T04:01:00+00:00

PCI Security Standards Council Bulletin: Implementation Dates for Key Block Equivalence

❓ PCI SSC FAQs FAQ #1490 New 2020-12-16T21:18:00+00:00

Can a PCI 3DS Assessment result in a finding of "Compliant" if some requirements are not tested?

No. The PCI 3DS Attestation of Compliance (AOC) can only document a "Compliant" finding if all requirements are tested and found to be "In Place" or a combination of "In …

❓ PCI SSC FAQs FAQ #1489 New 2020-12-16T21:03:00+00:00

Is an EMVCo Letter of Approval required prior to conducting a PCI 3DS Assessment?

No, an EMVCo Letter of Approval (LOA) is not required for a PCI 3DS Assessor to perform an assessment to the PCI 3DS Core Security Standard. If an EMVCo LOA …

❓ PCI SSC FAQs FAQ #1488 New 2020-12-16T20:45:00+00:00

What types of 3DS components are in scope for Requirement P2-7 in the PCI 3DS Core Security Standard?

Requirements P2-7.1 and P2-7.2, which relate to data center and CCTV security, apply to 3DS Directory Server (DS) and 3DS Access Control Server (ACS) systems. As noted in the Overview …

❓ PCI SSC FAQs FAQ #1487 New 2020-12-16T20:36:00+00:00

Can a 3DS entity outsource the hosting and management of its HSMs to a third-party service provider?

Yes, a 3DS entity may choose to outsource the hosting and management of its HSM infrastructure to a third-party service provider as long as all applicable requirements are met. The …

Recent Updates RSS