PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is archived content from PCI Security Standards Council bulletins, preserved for tracking changes over time.
View Original →

PCI Security Standards Council Bulletin: Updates to the P2PE Program

PDF














PCI Security Standards Bulletin: Update s to the P2PE Program

1 November 2022
As of 28 October 2022, the PCI Payment Application Data Security Standard (PA-DSS) and the Payment
Application Qualified Security Assessor (PA-QSA) Programs are retired. These programs are replaced by
the PCI Software Security Framework (SSF). PCI SSC has updated the Point-to-Point Encryption (P2PE)
Assessor program to reflect this change and to enable more opportunities for candidates to become
qualified as P2PE Assessors. These changes include:
• Assessor titles have changed from QSA(P2PE) and PA-QSA(P2PE) to P2PE Assessor and
P2PE Application Assessor, respectively. The nomenclature change does not impact what the
assessor is qualified to assess, or how they do assessments.
• Qualified PIN Assessors (QPAs) may now apply to become P2PE Assessors, without the
prerequisite to first be a QSA.
• P2PE Assessors must also be Secure Software Assessors in order to qualify as a P2PE
Application Assessor.
• Candidate P2PE Application Assessors are no longer required to complete two Secure Sof tware
Assessments in order to qualify.
The P2PE Qualification Requirements document has been updated to reflect these changes. Additional
documents, including the P2PE Program Guide and reporting documents, are also being updated to
reflect these changes.
Review the P2PE Qualification Requirements v3.1 for additional information.