FAQs that have been removed from the PCI SSC website or have dead links.
PCI DSS Requirement 3.3 states that PAN must be masked when displayed (the first six and last four digits are the maximum number of digits to be displayed) such that …
PCI DSS Requirement 9.1.1 addresses the need for video cameras and/or access control mechanisms to monitor individual physical access to sensitive areas. “Sensitive areas” refers to any data center, server …
No. There are no PCI DSS requirements that apply to manual imprinters (also known as “zip-zap” and “knuckle-buster” machines). They are not card reading devices as defined in Requirement 9.9, …
The term “remote access” refers to access to a computer network from a location outside of that network. Examples of remote access include access from the Internet, an “untrusted” network …
The role of the Advisory Board will be to provide strategic and technical guidance to the PCI Security Standards Council, reflecting different stakeholder perspectives. The Advisory Board does not have …
PCI DSS Requirement 11.4.6 requires service providers that use segmentation to isolate the cardholder data environment (CDE) from other networks to perform penetration tests on those segmentation controls at least …
No. PA-DSS version 1.2.1 is expired. New application validations using PA-DSS 1.2.1 and changes for existing listings using PA-DSS 1.2.1 are no longer accepted. In addition, applications validated using PA-DSS …
The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by qualified parties to …Fees for validation services are set independently by the PA-QSAs.
PCI DSS Requirement 8 addresses secure authentication requirements and requires that all passwords and other authentication credentials be securely managed. These requirements apply to all non-consumer users and administrators. The …