Frequently Asked Question

Are PA-DSS applications considered valid if installed on an operating system that is not included in the payment application listing?
A PA-DSS validation is only applicable to the operating system(s) upon which the application was assessed, as reported in the ROV and as listed with the application on the PCI SSC List of Validated Payment Applications.
If a PA-DSS payment application is installed onto an operating system that is not included in its PCI SSC listing, then it is still possible that the application is able to support a merchant’s PCI DSS compliance. However, there has been no validation that the application will be able to meet PA-DSS requirements when installed on that operating system, and the application cannot be considered PA-DSS validated for that implementation.
June 2014
Article Number: 1278
Featured FAQ Articles
Most Recently Updated
-
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?