Document Comparison
PCI_PTS_HSM_Technical_FAQs_v4_June_2025.pdf → PCI_PTS_HSM_Technical_FAQs_v4_May_2026.pdf
85% similar
Pages: 21 → 20
Words: 8130 → 8401
Content Changes
19 content changes. 21 administrative changes (dates, page numbers) hidden.
Added
p. 15
Q 46 May 2026: Are hybrid or post-quantum cryptographic key-transport mechanisms permitted for HSMs? A Yes. Hybrid and pure post-quantum cryptographic (PQC) key-transport mechanisms are permitted, provided that:
• Each individual cryptographic component (whether classical or PQC-based) independently meets or exceeds the minimum cryptographic strength as enumerated in the table below.
• Mutual authentication must be enforced.
• All key transport follows basic key management principles, including cryptographic binding of key usage attributes to the transported key (i.e., use of a compliant Key Block as defined in the applicable key block requirements, such as those based on ANSI X9.143, ISO 20038, or ASC X9 TR-34 principles).
• The key block must include, at minimum:
  o Attributes defining the permitted operations for the key.
  o Attributes defining the cryptographic algorithm and mode of use.
  o Attributes defining exportability of the key.
  o Use of key-length obfuscation padding for symmetric keys to the maximum length for …
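The attributes Q46 lists are exactly the fields a TR-31 / ANSI X9.143 style key block header carries, and the "key-length obfuscation" bullet is the fixed-size wrapped payload such a block uses. The following Go program is an added illustration, not text or code from the FAQ, from PCI SSC, or from any vendor's HSM: it parses the 16-character fixed header, refuses a header missing any required attribute, applies the resulting usage policy on the HSM side (a PIN-encrypting key cannot wrap another key, a non-exportable key cannot be exported), and builds the length-obfuscated payload. The usage, mode-of-use and exportability codes are the TR-31 codes; the maximum key sizes per algorithm (24 bytes TDES, 32 bytes AES), the sample header string and the operation names are assumptions for the example, and the MAC binding and optional blocks of a real key block are not modelled.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Fixed wrapped-key payload size per algorithm (example values): every key
// of one algorithm is padded to the same size, so the transported block does
// not reveal whether a 128- or 256-bit key is inside.
var maxKeyBytes = map[byte]int{'T': 24, 'A': 32}

// Header holds the attributes of a TR-31 / ANSI X9.143 style key block
// header. The header is authenticated together with the wrapped key, which
// is what binds these attributes to the key.
type Header struct {
	Version       byte   // 'B' TDES binding, 'D' AES binding
	KeyUsage      string // "K0" key-encrypting, "P0" PIN-encrypting, "D0" data, "B0" BDK
	Algorithm     byte   // 'T' TDES, 'A' AES
	ModeOfUse     byte   // 'E' encrypt, 'D' decrypt, 'B' both, 'N' no restriction
	Exportability byte   // 'E' exportable under a trusted KEK, 'N' non-exportable, 'S' sensitive
}

// ParseHeader reads the 16-character fixed layout: version(1) length(4)
// usage(2) algorithm(1) mode(1) key-version(2) exportability(1)
// optional-block-count(2) reserved(2).
func ParseHeader(s string) (Header, error) {
	if len(s) < 16 {
		return Header{}, errors.New("key block header shorter than 16 characters")
	}
	h := Header{Version: s[0], KeyUsage: s[5:7], Algorithm: s[7],
		ModeOfUse: s[8], Exportability: s[11]}
	return h, h.Validate()
}

// Validate rejects a header that omits any attribute the FAQ requires.
func (h Header) Validate() error {
	if u := h.KeyUsage; u != "K0" && u != "P0" && u != "D0" && u != "B0" {
		return fmt.Errorf("unknown or missing key usage %q", u)
	}
	if _, ok := maxKeyBytes[h.Algorithm]; !ok {
		return fmt.Errorf("unknown or missing algorithm %q", h.Algorithm)
	}
	if m := h.ModeOfUse; m != 'E' && m != 'D' && m != 'B' && m != 'N' {
		return fmt.Errorf("unknown or missing mode of use %q", m)
	}
	if x := h.Exportability; x != 'E' && x != 'N' && x != 'S' {
		return fmt.Errorf("unknown or missing exportability %q", x)
	}
	return nil
}

// Authorize is the HSM-side policy check: an operation is allowed only if
// the bound attributes permit it. A PIN key cannot wrap keys and a KEK
// cannot encrypt PINs, which enforces one purpose per key.
func (h Header) Authorize(op string) error {
	encrypts := h.ModeOfUse == 'E' || h.ModeOfUse == 'B'
	switch op {
	case "wrap-key":
		if h.KeyUsage != "K0" || !encrypts {
			return errors.New("not an encrypt-capable key-encrypting key")
		}
	case "encrypt-pin":
		if h.KeyUsage != "P0" || !encrypts {
			return errors.New("not an encrypt-capable PIN-encrypting key")
		}
	case "export":
		if h.Exportability != 'E' {
			return errors.New("key is not exportable")
		}
	default:
		return fmt.Errorf("unknown operation %q", op)
	}
	return nil
}

// ObfuscateKey builds the plaintext that gets wrapped: a 2-byte length in
// bits, the key, then random padding up to the algorithm's maximum.
func ObfuscateKey(alg byte, key []byte) ([]byte, error) {
	limit, ok := maxKeyBytes[alg]
	if !ok || len(key) == 0 || len(key) > limit {
		return nil, errors.New("key length not valid for algorithm")
	}
	out := make([]byte, 2+limit)
	binary.BigEndian.PutUint16(out, uint16(len(key)*8))
	copy(out[2:], key)
	if _, err := rand.Read(out[2+len(key):]); err != nil {
		return nil, err
	}
	return out, nil
}

// DeobfuscateKey recovers the key from an unwrapped payload.
func DeobfuscateKey(alg byte, payload []byte) ([]byte, error) {
	limit, ok := maxKeyBytes[alg]
	if !ok || len(payload) != 2+limit {
		return nil, errors.New("payload length does not match algorithm")
	}
	n := int(binary.BigEndian.Uint16(payload)) / 8
	if n == 0 || n > limit {
		return nil, errors.New("declared key length out of range")
	}
	return payload[2 : 2+n], nil
}

func main() {
	// Constructed header: AES binding, PIN-encrypting AES key, encrypt-only, exportable.
	h, err := ParseHeader("D0112P0AE00E0000")
	fmt.Printf("%+v %v\n", h, err)
	fmt.Println("encrypt-pin:", h.Authorize("encrypt-pin")) // nil
	fmt.Println("wrap-key:", h.Authorize("wrap-key"))       // rejected: P0 is not a KEK
	p, _ := ObfuscateKey('A', make([]byte, 16))
	fmt.Println("payload bytes:", len(p)) // 34, the same as for a 32-byte key
}
```

The point of `Authorize` taking the header rather than a caller-supplied flag is the one Q46 makes: the permitted operations travel with the key under the block's authentication, so a host application cannot re-purpose a PIN key as a KEK by asking differently. In a hybrid or PQC transport the same header applies unchanged; only the wrapping mechanism around it differs.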
Added
p. 18
Q 54 ISO 9564 and requirement C1 require that the HSM’s security policy enforce the prohibition of the translation of PIN block formats from ISO format 0 to ISO format 1. Are there any circumstances where it is permitted that HSMs allow the translation of PIN blocks from ISO format 0 to ISO format 1? A Yes, if a unique session key is used for every ISO format 1 PIN block, and the key uniqueness is guaranteed by the functionality of the HSM and is not reliant upon APIs exercised by the host application.
Added
p. 19
Q 57 September 2015: Is there any impact on the device’s approval if the laboratory-evaluated security policy is changed by the vendor? A The content of the security policy is part of the evaluation of a device by the laboratory and is an integral input upon which the approval of a device is based. Deployers rely on the security policy in order to ensure that they do not breach the conditions of a device's approval. Any change to the security policy which impacts the security requirements of the device must be evaluated in order for the device to remain approved. Additionally, any change to the functionality offered by the device impacting information required to be contained in the security policy must be reflected in an update to the listed security policy document. Depending on the nature of the changes, this may be reflected in updates (e.g., appendices) to an existing security …
Modified
p. 4
Q 4 December 2013: Is it permissible to install firmware/software which is not PCI HSM approved on an HSM which is fully PCI HSM compliant, and for the PCI HSM compliance of the HSM to be restored at a later date by installing an approved version of firmware/software? A The PCI HSM compliance of the HSM ceases when the non-approved firmware/software is installed. The PCI HSM compliance of the HSM is restored if approved firmware/software is subsequently installed, subject to …
Q 4 December 2013: Is it permissible to install firmware/software which is not PCI HSM approved on an HSM which is fully PCI HSM compliant, and for the PCI HSM compliance of the HSM to be restored at a later date by installing an approved version of firmware/software? A The PCI HSM compliance of the HSM ceases when the non-approved firmware/software is installed. The PCI HSM compliance of the HSM is restored if approved firmware/software is subsequently installed, subject to …
Modified
p. 9 → 8
Q 21 September 2015: Firmware updates must be cryptographically authenticated, and if the authentication fails, the update is rejected and deleted. Are there any circumstances where firmware can be updated without authentication? A Some chipsets are not designed for firmware updates, but only to support firmware replacement. The deletion of the existing firmware and cryptographic keys during the replacement does not allow for the authentication of the new firmware to occur. In such cases it is acceptable to update the …
Q 21 September 2015: Firmware updates must be cryptographically authenticated, and if the authentication fails, the update is rejected and deleted. Are there any circumstances where firmware can be updated without authentication? A Some chipsets are not designed for firmware updates, but only to support firmware replacement. The deletion of the existing firmware and cryptographic keys during the replacement does not allow for the authentication of the new firmware to occur.
Modified
p. 9 → 8
Q 22 September 2015: If a device supports firmware updates, the device must cryptographically authenticate the firmware, and if the firmware is not confirmed, the firmware update must be rejected and deleted. Can a device completely load new firmware before checking its authenticity and overwrite its primary copy of existing authenticated code if it retains a secure backup copy of the existing authenticated code? A Yes, provided the following is true: • The new code is cryptographically authenticated prior to …
Q 22 September 2015: If a device supports firmware updates, the device must cryptographically authenticate the firmware, and if the firmware is not confirmed, the firmware update must be rejected and deleted. Can a device completely load new firmware before checking its authenticity and overwrite its primary copy of existing authenticated code if it retains a secure backup copy of the existing authenticated code? A Yes, provided the following is true:
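Q21 and Q22 together describe one update discipline: the new image may be loaded in full, even over the primary copy, but it must be cryptographically authenticated before it is ever run, a failed check must delete it, and a backup of the last authenticated code must remain so the device is never left without approved firmware. The Go program below is an added simulation of that discipline, not code from the FAQ, from PCI SSC, or from any vendor's firmware: the vendor signs the version and code, the device overwrites its primary slot first and only then verifies, and on failure it zeroizes the rejected image and restores primary from the backup. Ed25519 is an assumption chosen for the example; the FAQ does not name an algorithm, and version rollback protection is deliberately out of scope here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image is a firmware image as delivered to the device: the code plus the
// vendor's signature over version and code.
type Image struct {
	Version uint32
	Code    []byte
	Sig     []byte
}

// signedMessage is the byte string the vendor signs: 4-byte version || code.
func signedMessage(v uint32, code []byte) []byte {
	msg := make([]byte, 4, 4+len(code))
	binary.BigEndian.PutUint32(msg, v)
	return append(msg, code...)
}

// Sign is the vendor-side step (Ed25519 is assumed for this example).
func Sign(priv ed25519.PrivateKey, v uint32, code []byte) Image {
	return Image{Version: v, Code: code, Sig: ed25519.Sign(priv, signedMessage(v, code))}
}

// Device keeps two copies of firmware: the primary it boots from and a
// backup of the last authenticated image. The backup is what makes it
// acceptable to overwrite primary before the new image has been checked.
type Device struct {
	vendorPub ed25519.PublicKey
	primary   Image
	backup    Image
}

// NewDevice installs the factory image, which must itself authenticate.
func NewDevice(pub ed25519.PublicKey, factory Image) (*Device, error) {
	d := &Device{vendorPub: pub}
	if !d.authentic(factory) {
		return nil, errors.New("factory image does not authenticate")
	}
	d.primary, d.backup = factory, factory
	return d, nil
}

func (d *Device) authentic(img Image) bool {
	return ed25519.Verify(d.vendorPub, signedMessage(img.Version, img.Code), img.Sig)
}

// zeroize overwrites the rejected image so no unauthenticated code lingers.
func zeroize(img *Image) {
	for i := range img.Code {
		img.Code[i] = 0
	}
	for i := range img.Sig {
		img.Sig[i] = 0
	}
	*img = Image{}
}

// Update loads the whole new image over primary, then authenticates it.
// A failed check deletes the new image and restores primary from backup,
// so the device never runs unauthenticated code and never ends up empty.
func (d *Device) Update(img Image) error {
	d.backup = d.primary
	d.primary = img
	if !d.authentic(d.primary) {
		zeroize(&d.primary)
		d.primary = d.backup
		return errors.New("firmware authentication failed: update rejected and deleted")
	}
	return nil
}

// Running reports the version of the authenticated image in the primary slot.
func (d *Device) Running() uint32 { return d.primary.Version }

func main() {
	// Constructed keys and images for the demonstration.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	dev, _ := NewDevice(pub, Sign(priv, 1, []byte("v1 code")))
	bad := Sign(priv, 3, []byte("v3 code"))
	bad.Code = []byte("v3 code, tampered after signing")
	fmt.Println(dev.Update(bad), "running:", dev.Running())  // error, still 1
	good := Sign(priv, 2, []byte("v2 code"))
	fmt.Println(dev.Update(good), "running:", dev.Running()) // <nil>, 2
}
```

The order inside `Update` is the whole point: primary is overwritten before verification, which is what Q22 permits, and the only reason that is safe is that `backup` still holds authenticated code and the failure path restores it. Remove the backup and the same sequence would brick the device on a bad image, which is the case Q21 treats as an exception rather than the norm.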
Modified
p. 12 → 10
Q 32 September 2015: Is it acceptable to load double-length 128-bit TDES key components into a device in smaller bit values (e.g., two 64-bit parts held by key custodian 1 and two 64-bit parts held by key custodian 2)? A Yes, provided the 128-bit cryptographic TDES keys (and key components) are generated and managed as full double-length 128-bit TDES keys during their entire life cycle in accordance with ANSI X9.24 and ISO 11568. For example, it would be acceptable to generate a …
Q 32 September 2015: Is it acceptable to load double-length 128-bit TDES key components into a device in smaller bit values (e.g., two 64-bit parts held by key custodian 1 and two 64-bit parts held by key custodian 2)? A Yes, provided the 128-bit cryptographic TDES keys (and key components) are generated and managed as full double-length 128-bit TDES keys during their entire life cycle in accordance with ANSI X9.24 and ISO 11568.
Modified
p. 12 → 10
If key-check values are used to ensure key integrity, they must be calculated over the entire 128-bit key component or the resultant 128-bit key, but never on a portion of the key or key component. In addition, the resultant key inside the device must be recombined in accordance with PCI requirements and ANSI/ISO standards. Similarly for triple-length keys, the entire 192-bit key component or the resultant 192-bit key must be used to calculate the key-check values.
If key-check values are used to ensure key integrity, they must be calculated over the entire 128-bit key component or the resultant 128-bit key, but never on a portion of the key or key
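Q32 and the paragraph on key-check values describe one loading procedure: each custodian may enter a 128-bit component as two 64-bit parts, but the device must reassemble the full component before doing anything with it, compute any KCV over the whole component or the whole resultant key, and never over a part (a KCV over a single 64-bit DES-sized part would let an attacker brute-force that part on its own). The Go program below is an added illustration of that procedure, not code from the FAQ, from PCI SSC, or from any vendor's HSM. It uses the legacy zero-block KCV (TDES-encrypt eight zero bytes under the key, keep three bytes); the components are combined by XOR; the two custodians' parts are constructed sample data. DES key parity adjustment per ANSI X9.24 and the CMAC-based KCV variant are not shown.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
)

// Component is a full double-length (128-bit) TDES key component as it
// exists inside the device once its parts have been reassembled.
type Component [16]byte

// Reassemble joins the 64-bit parts a custodian entered into one 128-bit
// component. The parts are an entry convenience only; nothing below
// operates on a part in isolation.
func Reassemble(parts ...[8]byte) (Component, error) {
	var c Component
	if len(parts) != 2 {
		return c, errors.New("a double-length component needs exactly two 64-bit parts")
	}
	copy(c[:8], parts[0][:])
	copy(c[8:], parts[1][:])
	return c, nil
}

// KCV computes the legacy key-check value: TDES-encrypt an all-zero block
// under the full 128-bit key and keep the first three bytes. Its input type
// makes it impossible to check-value a lone 64-bit part.
func KCV(k Component) (string, error) {
	// Double-length TDES is K1,K2,K1; crypto/des expects all 24 bytes.
	full := make([]byte, 0, 24)
	full = append(full, k[:]...)
	full = append(full, k[:8]...)
	block, err := des.NewTripleDESCipher(full)
	if err != nil {
		return "", err
	}
	var out [8]byte
	block.Encrypt(out[:], make([]byte, 8))
	return hex.EncodeToString(out[:3]), nil
}

// Combine XORs the components into the resultant key, so no custodian ever
// sees the key; the device only ever works with the full 128-bit values.
func Combine(cs ...Component) (Component, error) {
	var k Component
	if len(cs) < 2 {
		return k, errors.New("need at least two components")
	}
	for _, c := range cs {
		for i := range k {
			k[i] ^= c[i]
		}
	}
	return k, nil
}

// LoadKey is the device-side procedure: reassemble each custodian's parts,
// verify the KCV recorded for the whole component, combine, and return the
// KCV of the resultant key for the key ceremony record.
func LoadKey(custodians [][2][8]byte, expectedKCV []string) (string, error) {
	if len(custodians) != len(expectedKCV) {
		return "", errors.New("one expected KCV per custodian is required")
	}
	var comps []Component
	for i, parts := range custodians {
		c, err := Reassemble(parts[0], parts[1])
		if err != nil {
			return "", err
		}
		got, err := KCV(c)
		if err != nil {
			return "", err
		}
		if got != expectedKCV[i] {
			return "", fmt.Errorf("custodian %d: component KCV mismatch, entry rejected", i+1)
		}
		comps = append(comps, c)
	}
	key, err := Combine(comps...)
	if err != nil {
		return "", err
	}
	return KCV(key)
}

func main() {
	// Constructed sample parts: custodian 1 holds a1,a2; custodian 2 holds b1,b2.
	cust := [][2][8]byte{
		{{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}},
		{{0x13, 0x57, 0x9b, 0xdf, 0x02, 0x46, 0x8a, 0xce}, {0xec, 0xa8, 0x64, 0x20, 0xfd, 0xb9, 0x75, 0x31}},
	}
	var kcvs []string
	for _, parts := range cust {
		c, _ := Reassemble(parts[0], parts[1])
		k, _ := KCV(c) // over the full 128-bit component, never a 64-bit part
		kcvs = append(kcvs, k)
	}
	fmt.Println("component KCVs:", kcvs)
	kcv, err := LoadKey(cust, kcvs)
	fmt.Println("resultant key KCV:", kcv, err)
}
```

Having `KCV` accept only a `Component` is the design choice worth copying: the prohibition on partial-key check values becomes a property of the interface rather than a rule the host application is trusted to follow, which is the same spirit as the FAQ's insistence that key uniqueness and policy be enforced by the HSM and not by the host's API usage.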
Modified
p. 16
Q 46 September 2015: Is it acceptable for a PIN-encryption key to be used as a key-encrypting key, or for a key-encrypting key to be used as a PIN-encrypting key? A No. A key must be used for one purpose only as mandated by ANSI X9.24 and ISO 11568-3.
Q 48 September 2015: Is it acceptable for a PIN-encryption key to be used as a key-encrypting key, or for a key-encrypting key to be used as a PIN-encrypting key? A No. A key must be used for one purpose only as mandated by ANSI X9.24 and ISO 11568-3.
Modified
p. 17
Q 48 May 2022: If a PIN block translating HSM does not enforce a unique key per transaction encryption for the resulting PIN block, what restrictions apply to prevent the misuse of card issuance-related functions? A The following restrictions apply: • Standard PIN block formats (i.e., ISO formats 0, 1, 2, 3 and 4) shall not be translated into non-standard PIN block formats and translations between these PIN block formats shall be restricted as specified in the table in DTR B14.
Q 50 May 2022: If a PIN block translating HSM does not enforce a unique key per transaction encryption for the resulting PIN block, what restrictions apply to prevent the misuse of card issuance-related functions? A The following restrictions apply:
Modified
p. 17
Q 49 December 2022: ISO 9564 stipulates restrictions on translations between PIN block formats that are applicable when the HSM does not enforce unique-key-per-transaction encryption for the resulting PIN block. For example, translations from PIN block formats 0, 3 or 4 to PIN block format 1 are not allowed unless that stipulation is met. How must this unique-key-per-transaction encryption be enforced by the HSM? A The HSM must enforce the UKPT exception by integrating the UKPT derivation of the PIN …
Q 51 December 2022: ISO 9564 stipulates restrictions on translations between PIN block formats that are applicable when the HSM does not enforce unique-key-per-transaction encryption for the resulting PIN block. For example, translations from PIN block formats 0, 3 or 4 to PIN block format 1 are not allowed unless that stipulation is met. How must this unique-key-per-transaction encryption be enforced by the HSM? A The HSM must enforce the UKPT exception by integrating the UKPT derivation of the PIN …
Modified
p. 18
Q 50 September 2015: The operating system of the device must contain only necessary components and must be configured securely and run with least privilege. What is considered an “operating system” for PCI purposes? A In the scope of PCI PTS, any underlying software providing services for code running in the device is considered part of the operating system. Examples of such services include: system initialization and boot, hardware abstraction layers, memory management, multitasking, synchronization primitives, file systems, device drivers, …
Q 52 September 2015: The operating system of the device must contain only necessary components and must be configured securely and run with least privilege. What is considered an “operating system” for PCI purposes? A In the scope of PCI PTS, any underlying software providing services for code running in the device is considered part of the operating system. Examples of such services include: system initialization and boot, hardware abstraction layers, memory management, multitasking, synchronization primitives, file systems, device drivers, …
Modified
p. 18
Q 51 February 2020: Can an HSM operating in PCI-mode support known weak cryptographic algorithms/key sizes not otherwise allowable when used for EMV card personalization? Yes. When used for EMV card personalization an HSM when operating in PCI mode may support:
Q 53 February 2020: Can an HSM operating in PCI-mode support known weak cryptographic algorithms/key sizes not otherwise allowable when used for EMV card personalization? A Yes. When used for EMV card personalization an HSM when operating in PCI mode may support:
Modified
p. 19 → 18
Q 53 September (update) 2015: Are HSMs allowed to support non-ISO PIN block formats and non-ISO algorithms? A Yes, however, the HSM must provide functionality to enforce a policy that meets B14: • ISO formats 0, 1, 2, 3 and 4 cannot be translated into any non-ISO format.
Q 55 September (update) 2015: Are HSMs allowed to support non-ISO PIN block formats and non-ISO algorithms? A Yes, however, the HSM must provide functionality to enforce a policy that meets B14:
Modified
p. 19
Q 54 May (update) 2018: Is the device allowed to share PCI relevant keys and passwords/authentication codes between PCI approved mode of operation and non-PCI approved mode of operation? A No. The device must either enforce separation of all PCI relevant keys and passwords/authentication codes between the two modes or the device must zeroize all PCI relevant keys and passwords/authentication codes when switching between modes except as follows. If the device includes an internally generated hardware key, for example inside …
Q 56 May (update) 2018: Is the device allowed to share PCI relevant keys and passwords/authentication codes between PCI approved mode of operation and non-PCI approved mode of operation? A No. The device must either enforce separation of all PCI relevant keys and passwords/authentication codes between the two modes or the device must zeroize all PCI relevant keys and passwords/authentication codes when switching between modes except as follows. If the device includes an internally generated hardware key, for example inside …
Modified
p. 20 → 19
Q 56 May 2018: The PCI PTS Lab Requirements prohibit a PTS lab from creating any vendor documentation. Are there any scenarios where a PTS lab may assist a vendor in creating documentation? A In some cases. A PTS vendor may revise a Security Policy for grammar, formatting, or spelling edits for a device under evaluation which requires those edits to be submitted to PCI to place on the portal. In this case, the PTS lab performing the evaluation may …
Q 58 May 2018: The PCI PTS Lab Requirements prohibit a PTS lab from creating any vendor documentation. Are there any scenarios where a PTS lab may assist a vendor in creating documentation? A In some cases. A PTS vendor may revise a Security Policy for grammar, formatting, or spelling edits for a device under evaluation which requires those edits to be submitted to PCI to place on the portal. In this case, the PTS lab performing the evaluation may …
Modified
p. 20
Q 57 August 2022: Vendors can have various options for both hardware and firmware that may be either security- or non-security-relevant. For non-security-relevant options, vendors are allowed to designate in their hardware/firmware identifiers a lower case “x” in the relevant position. Security-relevant options must have specific numbers and/or letters assigned and listed as part of the approval. The Program Guide specifies that options, both security- and non-security-relevant must be clearly defined and documented as to the options available and their …
Q 59 August 2022: Vendors can have various options for both hardware and firmware that may be either security- or non-security-relevant. For non-security-relevant options, vendors are allowed to designate in their hardware/firmware identifiers a lower case “x” in the relevant position. Security-relevant options must have specific numbers and/or letters assigned and listed as part of the approval. The Program Guide specifies that options, both security- and non-security-relevant must be clearly defined and documented as to the options available and their …
Modified
p. 20
Q 58 April 2023: HSM virtualization systems that are not implemented within a physical system that is tamper responsive must exist in their entirety in an environment that meets at least the security requirements of a controlled environment as outlined in ISO 13491-2. How is that handled where the vendor implements their own solution versus selling the solution to other entities to implement? A Where the vendor implements their own solution as part of an HSM as a Service, the …
Q 60 April 2023: HSM virtualization systems that are not implemented within a physical system that is tamper responsive must exist in their entirety in an environment that meets at least the security requirements of a controlled environment as outlined in ISO 13491-2. How is that handled where the vendor implements their own solution versus selling the solution to other entities to implement? A Where the vendor implements their own solution as part of an HSM as a Service, the …
Modified
p. 21 → 20
Q 59 September 2015: Many devices are designed so that third parties can create and load applications. Vendors often support this by providing third parties the tools needed to create and load applications. How can a vendor ensure that the application will not need to be controlled by the vendor? A If applications are not considered firmware, they do not need to be controlled by the vendor. The device design must prevent applications from impacting functions and features governed by …
Q 61 September 2015: Many devices are designed so that third parties can create and load applications. Vendors often support this by providing third parties the tools needed to create and load applications. How can a vendor ensure that the application will not need to be controlled by the vendor? A If applications are not considered firmware, they do not need to be controlled by the vendor. The device design must prevent applications from impacting functions and features governed by …