FAQs that have been removed from the PCI SSC website or have dead links.
Whether a particular whitelisting implementation can meet PCI DSS Requirement 5 will depend on the specific implementation. The intent of Requirement 5 is to detect, remove and protect system components …
The PCI Point-to-Point Encryption (P2PE) Standard contains detailed security requirements and testing procedures for application vendors and providers of P2PE solutions to ensure that their solutions can meet the necessary …
Host systems are used in hybrid decryption environments to decrypt account data for the purpose of processing payments. A Host system is a computer or other device that is not …
PCI DSS Requirement 9.1.1 addresses the need for video cameras and/or access control mechanisms to monitor individual physical access to sensitive areas. "Sensitive areas" refers to any data center, server …
No. There are no PCI DSS requirements that apply to manual imprinters (also known as "zip-zap" and "knuckle-buster" machines). They are not card reading devices as defined in Requirement 9.9, …
When a PA-DSS validated payment application has expired, it is listed as acceptable only for pre-existing deployments, or in other words, for customers that have already purchased and deployed the …
The Prioritized Approach Tool for PCI DSS v3.2 includes an update to the built-in formulas to remove "N/A" (Not Applicable) responses from the Percent Complete calculation. Previously, a response of …
The current version of PA-DSS is v3.2. Effective 1 September 2016, all new payment applications must be validated using PA-DSS v3.2. New payment application validations and High Impact Changes using …
The PCI P2PE Standard does not define specific form factors nor does it restrict the type of form factor that can be used for an HSM in P2PE solutions. However, …
No, PCI PED 1.x devices are not eligible for SRED validation, and therefore cannot be used in a PCI P2PE solution.
