FAQs that have been removed from the PCI SSC website or have dead links.
The deadline for all entities, including service providers, to migrate away from SSL and insecure versions of TLS is June 30, 2018. In order to support merchants and other customers …
The P2PE Standard does not require applications solely used in a P2PE solution to be validated to PA-DSS. PA-DSS and P2PE are distinct PCI standards with separate requirements and programs, …
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
In PCI DSS version 3, Requirements 6.5.10, 8.5.1, 9.9, 11.3, and 12.9 are considered "best practices" until June 30th, 2015, after which they become requirements. This is intended to give …
Version 3 of the self-assessment questionnaires (SAQs) are used to validate compliance against PCI DSS version 3, which is effective from January 1st, 2014. The PCI SSC strongly encourages all …
As part of the annual PA-DSS revalidation process, PCI SSC will be working with application vendors to identify applications which rely or depend on unsupported software, to ensure that validated …
Payment Application Qualified Security Assessors (PA-QSAs) are qualified by the Council to validate payment applications for compliance to PA-DSS. A list of PA-QSAs is available on the Council website. A …
The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by qualified parties to …
Fees for validation services are set independently by the PA-QSAs.
