Frequently Asked Question

Are there any plans to standardize the reporting requirements (reports) for the PCI DSS, PA-DSS, ASV, QSA and PTS programs that are sent to each of the payment brands?

The PCI Security Standards Council (PCI SSC) mission is to develop, maintain and build awareness around the standards and supporting programs. Additionally, the PCI SSC strives to ensure that implementing PCI Security Standards is an efficient process for all stakeholders. As we evolve the various programs, we will also evaluate methods to ensure consistency and clarity in the work and reporting provided by our qualified assessors and vendors.

While the PCI SSC manages the security standards and provides training for security assessors, we do not enforce compliance or define validation reporting requirements. Compliance validation programs are maintained by the individual payment brands, including requirements on how and who needs to validate compliance. The PCI SSC recommends that entities contact their acquirer and/or the payment brands directly, as applicable, to understand their validation reporting requirements. Please contact the payment brands directly.
Originally published: January 2013
Article Number: 1213

Featured FAQ Articles