Generated by All in One SEO v4.9.7.2, this is an llms.txt file, used by LLMs to index the site. # PCI Journey Your Path to PCI DSS compliance ## Sitemaps - [XML Sitemap](https://pcijourney.com/sitemap.xml): Contains all public & indexable URLs for this website. ## Posts - [PCI DSS v4 now mandatory](https://pcijourney.com/pci-dss-v4-now-mandatory/) - The previous version of PCI DSS v3.2.1 is now fully retired. As previously announced, PCI DSS v3.2.1 was retired on 31 March 2024. - [Where can I download a PCI DSS ROC template? [PCI v4 Update]](https://pcijourney.com/where-can-i-download-pci-dss-roc-template/) - [Where can I download a PCI AOC template? [PCI v4 Update]](https://pcijourney.com/where-can-i-download-pci-dss-aoc-template/) - [New Guidance Doc: PCI DSS for Large Organizations](https://pcijourney.com/new-doc-pci-dss-for-large-organizations/) - The PCI SSC have released a new document offering guidance for PCI DSS in large organizations. Let's explore the unique challenges of PCI compliance at scale. - [PCI DSS v4.0 draft released](https://pcijourney.com/pci-dss-v4-0-draft-released/) - The first draft of PCI DSS v4.0 is now available to stakeholders for comment. What's the implication to the broader information security community? - [PCI Secure Software Framework Adoption Tracker](https://pcijourney.com/pci-secure-software-framework-uptake-tracker/) - The PCI Secure Software Framework should have a big impact on payments software. We track uptake over time for this important new set of security standards. - [What is a PCI DSS AOC? And how do I get one?](https://pcijourney.com/what-is-a-pci-dss-aoc/) - A PCI DSS AOC is a document that shows the current PCI DSS status for a company. Learn the different types of AOC, and how they're produced. - [Creating a Calendar for your PCI Compliance Schedule](https://pcijourney.com/creating-your-pci-compliance-calendar/) - PCI compliance means doing lots of things on a regular basis. The key to staying on top of these tasks is building a PCI compliance calendar like this one. - [PCI Software Security Framework Adoption [Updated]](https://pcijourney.com/pci-software-security-framework-adoption/) - The PCI Software Security Framework has now been operational for over six months. Let's review likely adoption rates so far in the payments industry. - [Does PCI DSS apply the same everywhere?](https://pcijourney.com/does-pci-dss-apply-the-same-everywhere/) - Different countries have significantly different rules around financial products. So does the PCI DSS apply differently in different places? - [Open Source Payment HSM Simulators](https://pcijourney.com/open-source-payment-hsm-simulators/) - Payment HSM simulators are great for studying the algorithms which secure payment card processing, and testing your payment software without access to an HSM. - [Choosing Open Source Software for PCI DSS](https://pcijourney.com/choosing-open-source-software/) - Learn to make informed choices when choosing which Open Source Software (OSS) to use as part of your PCI DSS card payment application. - [PCI Dream Team Episode List [Updated]](https://pcijourney.com/pci-dream-team-episode-list/) - Most PCI Dream Team events are available for public viewing on BrightTalk. As they don't have a dedicated channel, here's a list of videos for easy access. - [2020: The year in PCI DSS Compliance](https://pcijourney.com/2020-the-year-in-pci/) - 2020 was the year of COVID and massive economic disruption. Businesses had to adapt quickly or die. How did all of this affect the PCI DSS world? - [Happy First Anniversary to me!](https://pcijourney.com/happy-first-anniversary/) - It's been a full year since I registered pcijourney.com and wrote my first article. Let's take a look back at how it's gone. - [When does PCI DSS v4.0 take effect?](https://pcijourney.com/when-does-pci-dss-v4-0-take-effect/) - Version 4.0 of the PCI DSS security standard is coming soon. When will we see it, and when will we need to comply with its updated requirements? - [What are the Twelve PCI DSS Requirements?](https://pcijourney.com/what-are-the-twelve-pci-dss-requirements/) - To make card data security more manageable, the PCI Council has created the twelve PCI DSS requirements. Let's review the requirements and how to address them. - [What does PCI DSS allow you to store?](https://pcijourney.com/what-does-pci-dss-allow-you-to-store/) - A big part of payment card security is understanding what does PCI DSS allow you to store, and when? Let's explore the different scenarios and rules that apply. - [What are the Six PCI DSS Objectives?](https://pcijourney.com/what-are-the-six-pci-dss-objectives/) - There are 6 PCI DSS objectives which all work together with the goal of protecting Cardholder Data. Let's take a look at these objectives and see how they work. - [How to do PCI DSS in the Cloud](https://pcijourney.com/how-to-do-pci-dss-in-the-cloud/) - PCI DSS compliance can be complicated, and QSA unfamiliarity with the cloud adds extra challenges. Learn to navigate your way through the cloud compliance maze! - [How do I get a PCI Compliance Scan?](https://pcijourney.com/how-do-i-get-a-pci-compliance-scan/) - PCI Compliance scans are really important for any business working with PCI DSS. Let's find out what these are, why they matter, and how to get one. - [Which are the most popular PCI QSA Companies?](https://pcijourney.com/which-are-the-most-popular-pci-qsa-companies/) - The PCI QSA business is fairly opaque, ranging from brand names to some you've never heard of competing for business. How do their assessment volumes compare? - [How to choose your PCI QSA?](https://pcijourney.com/how-to-choose-your-pci-qsa/) - With PCI DSS, picking the right QSA is one of the most important decisions you can make. Here are some pointers to help you make the best choice for you. - [PCI DSS 4.0 RFC - second draft](https://pcijourney.com/pci-dss-4-0-rfc-second-draft/) - On 23 September 2020, the PCI Council released the second draft of PCI DSS 4.0 standard for community feedback. What's likely to change this time around? - [Which PCI DSS SAQ do I use?](https://pcijourney.com/which-pci-dss-saq-do-i-use/) - There are currently 9 Self Assessment Questionnaires available to companies who can self assess for PCI DSS. It's important for you to choose the right one. - [What is a PCI ASV and what do they do?](https://pcijourney.com/what-is-a-pci-asv/) - ASV scans are required for almost every company that has PCI DSS obligations. So what is a PCI ASV, and how do they help you achieve PCI DSS compliance? - [PCI Software Security Framework goes live](https://pcijourney.com/pci-software-security-framework-goes-live/) - This week saw Coalfire announced as the first QSA Company accredited to conduct assessments under the PCI Software Security Framework. - [What are Service Provider Levels for PCI DSS?](https://pcijourney.com/what-are-service-provider-levels-for-pci-dss/) - Your PCI DSS Service Provider Level is based on annual transaction volume and the card brands you deal with. Let's map these out in our convenient table. - [What is the PCI Dream Team?](https://pcijourney.com/what-is-the-pci-dream-team/) - If you work in the PCI DSS world, you've likely heard of the PCI Dream Team. Just who are they, and what do they do? - [What does PCI DSS stand for?](https://pcijourney.com/what-does-pci-dss-stand-for/) - The PCI DSS is the Payment Card Industry Data Security Standard. Click to learn who the Payment Card Industry are, and whether this Standard affects you. - [What are Merchant Levels for PCI compliance?](https://pcijourney.com/what-are-merchant-levels-for-pci-compliance/) - Your merchant level for PCI is based on your card transaction volume and the cards you accept. Let's see how your level affects your reporting requirements. - [What is Level 1 PCI DSS Compliance?](https://pcijourney.com/what-is-level-1-pci-dss-compliance/) - When big companires are asked about PCI compliance, it's always "Are you Level 1"? Since there's nothing in the PCI standard about levels, what does that mean? - [What is a PCI Compliance Certificate?](https://pcijourney.com/what-is-a-pci-compliance-certificate/) - People regularly ask to see your PCI DSS Certificate of Compliance. What is that? And what do you give them to satisfy their request? - [The Best PCI DSS Advice](https://pcijourney.com/the-best-pci-dss-advice/) - Maintaining PCI DSS compliance involves making lots of tradeoffs. What's the best way to figure out when to take the easy path, and when to go the extra mile? - [Cloud logging services and PCI DSS](https://pcijourney.com/cloud-logging-services-and-pci-dss/) - Various cloud logging services are available to help you meet your PCI DSS Requirement 10 obligations. Let's see how they stack up. - [PCI Calendar - Service Provider Edition](https://pcijourney.com/pci-calendar-service-provider-edition/) - If you're a Service Provider, PCI DSS has some additional recurring tasks for you. Let's find out what those are and get them on the calendar. ## Pages - [Welcome to PCI Journey](https://pcijourney.com/) - PCI Journey discusses the challenges and opportunities presented by PCI DSS compliance, and the tools and techniques required to achieve it. - [What is a payment card Service Code?](https://pcijourney.com/what-is-a-payment-card-service-code/) - Card Service Codes are 3 digit codes encoded on payment card magnetic stripes. The Service Code defines how and where the card may be used. - [PCI DSS 101: Get up to speed quickly on PCI Compliance](https://pcijourney.com/pci-dss-101/) - What are the PCI DSS requirements? Who mandates PCI compliance? Whether you're Merchant or Service Provider, let's get up to speed quickly with PCI DSS 101! - [What is a PCI QSA and a QSAC?](https://pcijourney.com/what-is-a-pci-qsa/) - In the PCI compliance world, few players are more important than QSAs and QSACs. But who are they? What do they do? And, do you need to one? Let's find out. - [PCI DSS Compliance Resources](https://pcijourney.com/resources/) - There are lots of resources available to help you manage your PCI DSS compliance. Here we present a curated selection of some of the best out there. - [Contact](https://pcijourney.com/contact/) - Contact Pete if you have any feedback on this site, or if you have any questions you'd like answered and which would be good material for an article. - [Training & Qualifications for PCI DSS Compliance](https://pcijourney.com/resources/training-qualifications/) - You can take many different paths to learn about PCI DSS compliance. Let us guide you through some of the free and paid options. - [About PCI Journey](https://pcijourney.com/about-pci-journey/) - Let's learn about PCI Journey, and it's author Pete. What content will you find here, and what is going to be off limits for discussion? - [Privacy Policy](https://pcijourney.com/privacy-policy/) - [PCI DSS Glossary](https://pcijourney.com/resources/glossary/) - The PCI DSS world is full of obscure acronyms. Let's decode some of the more common ones and understand what they mean. - [Software & Tools for PCI DSS Compliance](https://pcijourney.com/resources/software-tools/) - Using the right tools can really streamline your PCI compliance efforts. Here are a range of free and commercial options you should consider in your planning. ## Categories - [Blog](https://pcijourney.com/category/blog/) ## Tags - [calendar](https://pcijourney.com/tag/calendar/) - [tools](https://pcijourney.com/tag/tools/) - [logging](https://pcijourney.com/tag/logging/) - [QSA](https://pcijourney.com/tag/qsa/) - [planning](https://pcijourney.com/tag/planning/) - [FAQ](https://pcijourney.com/tag/faq/) - [reporting](https://pcijourney.com/tag/reporting/) - [levels](https://pcijourney.com/tag/levels/) - [training](https://pcijourney.com/tag/training/) - [news](https://pcijourney.com/tag/news/) - [ASV](https://pcijourney.com/tag/asv/) - [SAQ](https://pcijourney.com/tag/saq/) - [AOC](https://pcijourney.com/tag/aoc/) - [COVID-19](https://pcijourney.com/tag/covid-19/) - [RFC](https://pcijourney.com/tag/rfc/) - [v4.0](https://pcijourney.com/tag/v4-0/) - [Roundup](https://pcijourney.com/tag/roundup/) - [software](https://pcijourney.com/tag/software/) - [vulnerability management](https://pcijourney.com/tag/vulnerability-management/) - [HSM](https://pcijourney.com/tag/hsm/) - [global](https://pcijourney.com/tag/global/) - [data retention](https://pcijourney.com/tag/data-retention/) - [QSAC](https://pcijourney.com/tag/qsac/) - [market analysis](https://pcijourney.com/tag/market-analysis/) - [compliance scan](https://pcijourney.com/tag/compliance-scan/) - [cloud](https://pcijourney.com/tag/cloud/) - [service code](https://pcijourney.com/tag/service-code/) - [cardholder data](https://pcijourney.com/tag/cardholder-data/) - [objectives](https://pcijourney.com/tag/objectives/) - [storage](https://pcijourney.com/tag/storage/) - [requirements](https://pcijourney.com/tag/requirements/) - [SSF](https://pcijourney.com/tag/ssf/) - [commentary](https://pcijourney.com/tag/commentary/)