Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
FAQ #1093 Published

Do PCI DSS requirements for protecting stored cardholder data apply to mainframes?

Yes. PCI DSS Requirement 3.5.1 applies to mainframes that store cardholder data. If a company has legitimate business or technical constraints in meeting this or any other requirement, compensating controls may be considered. Compensating controls must address the additional risk introduced by not meeting the original requirement.

Refer to Appendices B and C of PCI DSS v4.0.1 for more information about compensating controls.

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.