The previous version of PCI DSS v3.2.1 is now fully retired. As previously announced, PCI DSS v3.2.1 was retired on 31 March 2024. Despite rumors, there has been no extension of the old v3.2.1 standard. Anyone undergoing a PCI DSS audit today will need to comply and be assessed against the v4 standard instead. Most…
Category: Blog
Where can I download a PCI DSS ROC template? [PCI v4 Update]
The PCI Security Standards Council makes copies of the various Report of Compliance (ROC) reporting template available to download as a PDF in their Document Library. The direct link to download the version 4 ROC reporting template is: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Reporting%20Template%20or%20Form/PCI-DSS-v4-0-ROC-Template-r1.pdf If you would prefer a copy of the template in Word format, ask your QSA. They…
Where can I download a PCI AOC template? [PCI v4 Update]
The PCI Security Standards Council makes copies of the various Attestation of Compliance (AOC) reporting templates for download as both PDFs and as editable Microsoft Word DOCX documents in their Document Library. Read on for help in choosing which of these forms to use. Which AOC template you will use depends on the type of assessment you’re going…
PCI Secure Software Framework Adoption Tracker
I’ve written elsewhere about the initial uptake of the PCI Secure Software Framework. We’re rapidly approaching the point in time where the PCI PA-DSS will close for new submissions, and the PCI SSF will be the only show in town for PCI software vendors. This page will be updated on approximately a monthly basis, to…
What are the Twelve PCI DSS Requirements?
PCI DSS exists with the goal of protecting payment card data. But that’s a big task, and in the past different companies went about this in very different ways. To make this more manageable, the PCI DSS creates six high level objectives for card data security. These objectives are then subdivided into the twelve PCI…
What does PCI DSS allow you to store?
It’s a simple question: what does PCI DSS allow you to store? The answer is, like most things with PCI DSS, a little complicated. The general approach of the PCI Data Security Standard is to minimize the types of card data that may be stored, and to minimize the amount of time you can store…
What are the Six PCI DSS Objectives?
The ultimate goal of the PCI DSS is to lower financial losses due to fraud across the card payment world. How does it go about this? The six PCI DSS objectives work together to lower risks across your card processing operations. When followed correctly they make it harder for unauthorized people to get their hands…
How to do PCI DSS in the Cloud
Cloud computing poses some unique challenges for building and maintaining secure systems. Whenever somebody says they’re using “the cloud”, what they’re really saying is that they’re using “someone else’s computer”. When you remember that the cloud is really just someone else’s computer, it drives home how difficult security can be. In this new model, nobody…
How do I get a PCI Compliance Scan?
If you need to comply with PCI DSS, the chances are very good that you will need to perform regular compliance scans. This raises some questions: what is a PCI compliance scan; why might you need one; and who can do one? Companies that need to comply with PCI DSS are met with varying sets…
Which are the most popular PCI QSA Companies?
There are no public league tables published which rank how much volume each PCI QSAC handles. At least, that information is not generally available publicly, and for good reason: the volumes handled by a QSA company are commercially sensitive. They give insight into whether the business is growing or shrinking, thriving or dying. Much of…