FAQ #1093 Diff

Does Requirement 3.4 apply to mainframes?

Earlier Version
2009-03-13T00:00:00+00:00

Later Version
2025-06-11T14:55:00+00:00

Removed

Added

~~Requirement 3.4 of the~~Yes. PCI DSS Requirement 3.5.1 applies to mainframes that store cardholder data. If ~~the~~a company has legitimate business or technical constraints toin ~~meet~~meeting this or any other requirement, compensating controls may be ~~applied.~~considered. Compensating controls must beaddress ~~commensurate with~~the additional risk ~~imposed~~introduced by not ~~adhering to~~meeting the original requirement. ~~Please refer~~

Refer to Appendices B and C of ~~the~~ PCI DSS v4.0.1 for more information ~~on the use of~~about compensating controls.

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.