Document Comparison
PCI_PTS_POI_Technical_FAQ_v7_Dec_2025.pdf
→
PCI_POI_Technical_FAQ_v7_May_2026.pdf
97% similar
41 → 44
Pages
19238 → 19840
Words
2
Content Changes
Content Changes
2 content changes. 31 administrative changes (dates, page numbers) hidden.
Added
p. 34
May 2026: Are hybrid or post-quantum cryptographic key-transport mechanisms permitted for HSMs? A) Yes. Hybrid and pure post-quantum cryptographic (PQC) key-transport mechanisms are permitted, provided that:
• Each individual cryptographic component (whether classical or PQC-based) independently meets or exceeds the minimum cryptographic strength as enumerated in the table below.
• Mutual authentication must be enforced.
• All key transport follows basic key management principles, including cryptographic binding of key usage attributes to the transported key (i.e., use of a compliant Key Block as defined in the applicable key block requirements, such as those based on ANSI X9.143, ISO 20038, or ASC X9 TR-34 principles).
• The key block must include, at minimum:
• Attributes defining the permitted operations for the key.
• Attributes defining the cryptographic algorithm and mode of use.
• Attributes defining exportability of the key.
• Use of key-length obfuscation padding for symmetric keys to the maximum length for the algorithm, 192 bits for TDEA …
• Each individual cryptographic component (whether classical or PQC-based) independently meets or exceeds the minimum cryptographic strength as enumerated in the table below.
• Mutual authentication must be enforced.
• All key transport follows basic key management principles, including cryptographic binding of key usage attributes to the transported key (i.e., use of a compliant Key Block as defined in the applicable key block requirements, such as those based on ANSI X9.143, ISO 20038, or ASC X9 TR-34 principles).
• The key block must include, at minimum:
• Attributes defining the permitted operations for the key.
• Attributes defining the cryptographic algorithm and mode of use.
• Attributes defining exportability of the key.
• Use of key-length obfuscation padding for symmetric keys to the maximum length for the algorithm, 192 bits for TDEA …
Added
p. 39
May 2011: If a device complies with B15, does this mean I need to re-submit the device for lab evaluation every time I change the prompts? A If there are suitable wildcards in the firmware version listing to accommodate new prompt versions that have been previously reviewed and confirmed as appropriate by a PCI laboratory, the review of each change by a PCI laboratory is not necessary.