PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is archived content from PCI Security Standards Council bulletins, preserved for tracking changes over time.
View Original →

PCI Security Standards Council on minor corrections to PCI DSS and PA-DSS standards documentation

PDF









PCI Security Standards Council on minor corrections to PCI DSS and PA-DSS standards
documentation

Monday August 10
th

Dear Participating Organization,

You may have noticed some changes to PCI DSS and PA-DSS documentation on our website.
PCI DSS, PA-DSS, and the PA-DSS Program Guide version 1.2, launched last October, are now
all updated to version 1.2.1.

This new version number reflects some minor corrections to documentation, and does not impact
the intent or language of the 12 PCI DSS requirements or any of the sub requirements. Similarly,
the PA-DSS has not undergone substantive changes.

Below is a Q&A that will answer any questions you may have on these minor changes. If you
have additional questions, please contact us on 781-876-8855

Sincerely

Troy Leach,
Technical Director
PCI SSC


FAQ

What are these changes?
The move from version 1.2 to version 1.2.1 of the PCI Security Standards Council’s Data Security
Standard (DSS) and Payment Application Data Security Standard (PA-DSS) signifies minor
corrections designed to create more clarity and consistency among the standards and supporting
documents. The changes are minor, for example; correcting spelling, eliminating redundant lines
and updating language to synch with supporting documents. There are no additions to the
requirements or to the intention of the standards. This change, and the creation of DSS, PA-DSS,
and the PA-DSS Program Guide 1.2.1 is administrative in nature.

Each document has been updated with a table of changes on the front page illustrating precisely
where the administrative updates have been made within the document.

Why now for these changes?
During periodic review of documentation the Council identified areas for administrative changes.
These changes have been compiled and PCI DSS and PA-DSS versions 1.2.1 only contain
corrections to minor errors. The PA-DSS Program Guide 1.2.1 contains clarifications to aid
program transition to the Council.















Should I revisit my compliance plans or implementation timelines?
As there are no changes to the intention or requirements of the DSS, your compliance programs
will be unaffected by the change from DSS 1.2 to DSS 1.2.1

Do I need to do anything differently?
You should continue to work with your assessor on your current compliance program. There are
no changes from v1.2 to DSS 1.2.1

Does this change your plans to roll out the next version of the PCI DSS?
This will not affect the planned, public lifecycle of the DSS. We are currently in the feedback
period of the lifecycle and encourage organizations to share feedback with us through the online
feedback form, FAQ tool and direct email contact. The first feedback period runs until November
1
st and incorporates both the US and European Community Meetings.

Which standards and documents are affected?
• PCI DSS

• PA-DSS
• PA-DSS Program Guide

Is this part of the Council’s planned lifecycle process?
The Council’s minor modification process supports the planned lifecycle process for allowing for
any necessary changes to the standards outside of the published lifecycle. This new version
number reflects some minor corrections to documentation, and does not impact the intent or
language of the 12 PCI DSS requirements or any of the sub requirements. Similarly, the PA-DSS
has not undergone substantive changes.