FAQs that have been removed from the PCI SSC website or have dead links.
No. The council will continue to offer approved device listings on our website. Any proposed changes to the PTS program discussed at the Community Meeting will have no material impact …
The intent of the one primary function per server requirement (Requirement 2 of the PCI DSS) is to ensure that your organization's system configuration standards and related processes address server …
PCI DSS is the standard for merchants and service providers to protect cardholder data. The PA-DSS and PTS device security requirements support the overall implementation of PCI DSS by allowing …
All changes to the software of a validated PA-DSS application must result in a new version number, even if there is no impact on PA-DSS requirements. This is necessary to …
The PCI Security Standards Council (PCI SSC) maintains a robust evaluation and qualification program for approved security assessors and scanning vendors. Information on becoming a qualified assessor or scan vendor …
This FAQ applies to P2PE v2.0.
A P2PE component is a service assessed to a specific set of P2PE requirements and that results in a P2PE component provider listing …
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
Whether a particular whitelisting implementation can meet PCI DSS Requirement 5 will depend on the specific implementation. The intent of Requirement 5 is to detect, remove and protect system components …
The intent of PCI DSS requirement 10 is to ensure organizations have the necessary logs in place to provide an accurate and unaltered record of what has taken place within …
The PCI Point-to-Point Encryption (P2PE) Standard contains detailed security requirements and testing procedures for application vendors and providers of P2PE solutions to ensure that their solutions can meet the necessary …
