FAQs that have been removed from the PCI SSC website or have dead links.
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
In PCI DSS version 3, Requirements 6.5.10, 8.5.1, 9.9, 11.3, and 12.9 are considered "best practices" until June 30th, 2015, after which they become requirements. This is intended to give …
Version 3 of the self-assessment questionnaires (SAQs) are used to validate compliance against PCI DSS version 3, which is effective from January 1st, 2014. The PCI SSC strongly encourages all …
As part of the annual PA-DSS revalidation process, PCI SSC will be working with application vendors to identify applications which rely or depend on unsupported software, to ensure that validated …
Payment Application Qualified Security Assessors (PA-QSAs) are qualified by the Council to validate payment applications for compliance to PA-DSS. A list of PA-QSAs is available on the Council website. A …
The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by qualified parties to …
Fees for validation services are set independently by the PA-QSAs.
PCI DSS Requirement 8 addresses secure authentication requirements and requires that all passwords and other authentication credentials be securely managed. These requirements apply to all non-consumer users and administrators. The …
Test FAQ
New validations and High Impact Changes using PA-DSS v3.1 will be accepted until 31 August 2016. Low Impact and No Impact Changes to listed applications that were previously validated to …
