Recent FAQ Changes

❓ FAQ 1017 New 2008-02-24T00:00:00+00:00

How can my organization find assistance in completing the Self-Assessment Questionnaire?

The Council encourages organizations to seek professional guidance in achieving compliance and completing the Self-Assessment Questionnaire. Please recognize that, while you are free to use any security professional of your …

❓ FAQ 1016 New 2008-02-24T00:00:00+00:00

I want to add input into this process. How do I become a member of the Council?

Please visit www.pcisecuritystandards.org and download/complete the application for joining the Council. Once your application fee is received and your organization has been approved as a new Participating Organization, you will …

❓ FAQ 1084 New 2008-02-24T00:00:00+00:00

For PCI DSS requirement 3.4.1 for disk encryption, what is the intent of requiring that logical access must be managed independently of native operating access control mechanisms?

The intent of this requirement is to address the acceptability of disk encryption for rendering cardholder data unreadable. Disk encryption encrypts data stored on a computer’s mass storage and automatically …

❓ FAQ 1218 New 2008-02-24T00:00:00+00:00

How do I select the Self-Assessment Questionnaire that best applies to my organization?

According to payment brand rules, all merchants and their service providers are required to comply with the PCI Data Security Standard in its entirety. There are five PCI Data Security …

❓ FAQ 1215 New 2008-02-24T00:00:00+00:00

What is the PCI DSS Self-Assessment Questionnaire?

The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool intended to assist merchants and service providers who are permitted by the payment brands to self-evaluate their compliance with …

❓ FAQ 1173 New 2008-02-24T00:00:00+00:00

Who is qualified to perform PA-DSS assessments?

Payment Application Qualified Security Assessors (PA-QSAs) are qualified by the Council to validate payment applications for compliance to PA-DSS. A list of PA-QSAs is available on the Council website. A …

❓ FAQ 1147 New 2008-02-24T00:00:00+00:00

What is the purpose of requiring consoles/PCs to become "locked" after 15 minutes of idle time, per PCI DSS requirement 8.5.15?

The intent of this requirement is to prevent someone from using an unattended console/PC to gain unauthorized access to the user’s computer and accounts, and/or the company’s network. This does …

❓ FAQ 1141 New 2008-02-24T00:00:00+00:00

What are the fines and penalties assessed to companies for non-compliance with the PCI DSS?

Any fines and/or penalties associated with non-compliance with the PCI DSS and/or confirmed security breaches are defined by each of the payment card brands.

For more specific information, please …

❓ FAQ 1134 New 2008-02-24T00:00:00+00:00

What are the steps needed to use the Self-assessment Questionnaire (SAQ) to validate compliance with PCI DSS?

In accordance with payment brands" compliance programs, those merchants and service providers who are permitted by the payment brands to validate their compliance with the PCI DSS using a Self-assessment …

❓ FAQ 1133 New 2008-02-24T00:00:00+00:00

Why are there multiple PCI DSS Self-assessment Questionnaires (SAQs)?

The PCI Data Security Standard Self-assessment Questionnaire (SAQ) is a validation tool to assist merchants and service providers in demonstrating their compliance with the PCI Data Security Standard (PCI DSS) …

Recent FAQ Changes RSS