Recent FAQ Changes RSS

The PCI SSC does not certify service providers as PCI DSS compliant. All entities that store, process or transmit cardholder data are required to comply with the PCI DSS and …

In general, frame relay can be considered private if it is dedicated to the customer?s traffic. The PCI DSS requires encryption for transmission of cardholder data over public networks, not …

If the ISP only provides a ?pipe? for internet access, then it is not considered a service provider and is not subject to PCI DSS compliance. However, if the ISP …

PCI DSS applies to any entity that stores, processes, or transmits cardholder data. Whether entities with cardholder data on their own corporate cards need to validate compliance is determined by …

Systems that store only truncated PANs (where a segment of PAN data has been permanently removed) may be considered out of scope for PCI DSS if that system is adequately …

In general, MPLS networks are considered ?private? networks and do not require encryption. This, however, is dependent upon the specific provider and/or configuration. If the IP addresses are public and …

The PCI SSC does not mandate the use of any one approach to PCI DSS compliance. The Prioritized Approach is designed as a reporting tool to help entities understand where …

The Prioritized Approach tool is intended to help guide non-compliant entities to work through the process of becoming PCI DSS compliant. The Prioritized Approach does not supersede or replace the …

The Prioritized Approach was developed to address the highest common risks first in Milestone 1, the next highest risks in Milestone 2, etc. The Prioritized Approach provides a means to …

The Prioritized Approach is not a replacement for PCI DSS; rather, it reorganizes the PCI DSS requirements into security milestones, and is designed to help organizations working towards PCI DSS …