The PCI Security Standards Council makes copies of the various Report of Compliance (ROC) reporting template available to download as a PDF in their Document Library. The direct link to download the version 4 ROC reporting template is: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Reporting%20Template%20or%20Form/PCI-DSS-v4-0-ROC-Template-r1.pdf If you would prefer a copy of the template in Word format, ask your QSA. They…
Tag: FAQ
Where can I download a PCI AOC template? [PCI v4 Update]
The PCI Security Standards Council makes copies of the various Attestation of Compliance (AOC) reporting templates for download as both PDFs and as editable Microsoft Word DOCX documents in their Document Library. Read on for help in choosing which of these forms to use. Which AOC template you will use depends on the type of assessment you’re going…
Which PCI DSS SAQ do I use?
If you’re looking to use a PCI DSS SAQ, this implies you’re eligible to assess your PCI DSS compliance using a Self Assessment Questionnaire. Can I use a PCI SAQ? Eligibility for this is determined by the card brands themselves, rather than the PCI Security Standards Council. This is ultimately determined by what level the…
What is a PCI ASV and what do they do?
If you’re just entering the world of PCI DSS compliance, you’re going to learn that ASVs are very important. For even the lowest levels of merchants and service providers, the one thing required other than completing an annual Self Assessment Questionnaire (SAQ) is to conduct quarterly ASV scans. So what exactly is an ASV? An…
What are Service Provider Levels for PCI DSS?
For a general overview of how compliance levels operate in the PCI world, check my previous article on compliance levels for merchants. As with merchants, the PCI Security Standards Council doesn’t have anything to do with defining the service provider levels – that’s all handled by the individual card brands. Also as with merchants, there…
What is the PCI Dream Team?
You don’t have to spend too much time in the world of PCI DSS compliance to hear of the “PCI Dream Team.” So who are they, and what do they do? The name “PCI Dream Team” is a somewhat tongue-in-cheek name for a group of 4 senior QSAs and security consultants. Collectively they’ve been in…
What is a PCI DSS AOC? And how do I get one?
If you’re asking about a PCI DSS AOC, you probably work in the card payments space. It’s well known that the PCI DSS is the Payment Card Industry Data Security Standard, which all merchants and service providers have to comply with. So what’s a PCI DSS AOC? Well, in this case AOC stands for Attestation…
What does PCI DSS stand for?
The PCI DSS is the Payment Card Industry Data Security Standard. Here, Payment Card Industry refers to companies handling payment card data belonging to one of the 5 payment card brands: American Express, Discover, JCB, Mastercard, and Visa. In the mid-2000’s these 5 companies formed the PCI Security Standards Council to oversee development of a…
What are Merchant Levels for PCI compliance?
There are lots of sites which list PCI merchant compliance levels. They mostly make straightforward statements like “PCI requires merchants of transaction volumes over 6 million per year to be level 1”. This is a nice, simple approach. Unfortunately, it’s also wrong in a couple of different ways. PCI DSS doesn’t have any requirements to…
What is Level 1 PCI DSS Compliance?
If you search the PCI Council site (the maintainers of the PCI DSS suite), you won’t find any tables outlining different levels of compliance at all. There’s a reason for that, which is to do with how the PCI DSS first came to be. Historically, the various card brands including MasterCard and Visa all operated…
