Can you provide clarification of PCI DSS requirement 10.3.6?
The intent of PCI DSS Requirement 10.3.6 is that audit logs include the identity or name of the data, system(s), or component(s) that is affected by the event being logged. …
FAQs that have been removed from the PCI SSC website or have dead links.
In PCI DSS version 3, Requirements 6.5.10, 8.5.1, 9.9, 11.3, and 12.9 are considered "best practices" until June 30th, 2015, after which they become requirements. This is intended to give …
Version 3 of the self-assessment questionnaires (SAQs) is used to validate compliance against PCI DSS version 3, which is effective from January 1st, 2014. The PCI SSC strongly encourages all …
As part of the annual PA-DSS revalidation process, PCI SSC will be working with application vendors to identify applications which rely or depend on unsupported software, to ensure that validated …
Payment Application Qualified Security Assessors (PA-QSAs) are qualified by the Council to validate payment applications for compliance with PA-DSS. A list of PA-QSAs is available on the Council website. A …
The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by qualified parties to …
Fees for validation services are set independently by the PA-QSAs.
PCI DSS Requirement 8 addresses secure authentication requirements and requires that all passwords and other authentication credentials be securely managed. These requirements apply to all non-consumer users and administrators. The …
New validations and High Impact Changes using PA-DSS v3.1 will be accepted until 31 August 2016. Low Impact and No Impact Changes to listed applications that were previously validated to …