How frequently will the PCI Security Standards Council update the PCI DSS and PA-DSS?
Reinstated FAQs
38 FAQs have been deleted from the PCI SSC website and later restored.
Does media containing cardholder data (for example, backup tapes or disks) need to be physically labeled as confidential in order to meet PCI DSS Requirement 9.7.1?
→
For PCI DSS requirement 3.4.1 for disk encryption, what is the intent of requiring that logical access must be managed independently of native operating access control mechanisms?
→
What is the difference between "multi-factor" authentication and "two-factor" authentication?
→
Can you provide clarification for logging/audit trail per PCI DSS requirements 10.2.5 and 10.2.6?
How extensive must background checks be on employees who have access to cardholder data?
→
The PA-DSS Program Guide v2.0 says application version numbers may consist of a combination of fixed and variable alphanumeric characters. What does this mean?
→
For P2PE solutions, can you use PCI approved POI devices with SRED, where the PTS listing indicates "Non CTLS"?
Why does the PCI P2PE standard require SRED for PCI approved Point-of-Interaction (POI) devices?
If I am deemed PCI DSS compliant today by one of the payment card brands, will the other brands in the PCI Security Standards Council recognize this designation of compliance and if so, what information must be put forth to achieve such recognition?
→