Frequently Asked Question

Do PCI DSS requirements for protecting stored cardholder data apply to mainframes?

Yes. PCI DSS Requirement 3.5.1 applies to mainframes that store cardholder data. If a company has legitimate business or technical constraints in meeting this or any other requirement, compensating controls may be considered. Compensating controls must address the additional risk introduced by not meeting the original requirement.

Refer to Appendices B and C of PCI DSS v4.0.1 for more information about compensating controls.

June 2025
Article Number: 1093
