FAQs that have been removed from the PCI SSC website or have dead links.
The PA-DSS details the requirements a payment application must meet in order to facilitate a customer's PCI DSS compliance. PA-DSS validated payment applications, when implemented in a PCI DSS-compliant environment, …
The role of the Advisory Board will be to provide strategic and technical guidance to the PCI Security Standards Council, reflecting different stakeholder perspectives. The Advisory Board does not have …
No. The council will continue to offer approved device listings on our website. Any proposed changes to the PTS program discussed at the Community Meeting will have no material impact …
The intent of the one primary function per server requirement (Requirement 2 of the PCI DSS) is to ensure that your organization's system configuration standards and related processes address server …
PCI DSS is the standard for merchants and service providers to protect cardholder data. The PA-DSS and PTS device security requirements support the overall implementation of PCI DSS by allowing …
All changes to the software of a validated PA-DSS application must result in a new version number, even if there is no impact on PA-DSS requirements. This is necessary to …
The PCI Security Standards Council (PCI SSC) maintains a robust evaluation and qualification program for approved security assessors and scanning vendors. Information on becoming a qualified assessor or scan vendor …
This FAQ applies to P2PE v2.0.
A P2PE component is a service assessed to a specific set of P2PE requirements and that results in a P2PE component provider listing …
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
Whether a particular whitelisting implementation can meet PCI DSS Requirement 5 will depend on the specific implementation. The intent of Requirement 5 is to detect, remove and protect system components …
