Recent FAQ Changes RSS

Latest changes to PCI SSC frequently asked questions.

FAQ 1569 New

Is sampling allowed in PCI DSS v4.0?

Yes. Assessors have two options when performing PCI DSS testing procedures; they can either: 1) test a representative sample of the population according to the assessor's defined sampling methodology, or …

FAQ 1485 Updated

What is the meaning of "initial PCI DSS assessment"?

An initial assessment means an entity has never undergone a prior PCI DSS assessment that resulted in the submission of a compliance validation document. Examples of validation documents include an …

FAQ 1317 Updated

What is meant by "significant change" in PCI DSS?

There are several PCI DSS requirements that specify performance upon a significant change in an entity's environment. While what constitutes a significant change is highly dependent on the configuration of …