Frequently Asked Questions

Featured FAQ Articles
Featured
-
What should an entity do if its PCI DSS v3.2.1 assessment will not be complete prior to that standard’s retirement date of 31 March 2024?
-
How does an entity report the results of a PCI DSS assessment for new requirements that are noted in PCI DSS as best practices until a future date?
-
Does an entity’s PCI DSS assessment result expire when the standard against which the entity was assessed is retired?
Most Recently Updated
-
Can a Qualified Security Assessor (QSA) ask an auditor from the same company (for example, one conducting a SOC 2 or SOC 3 audit) to collect evidence for a PCI DSS assessment?
-
Which version of PCI DSS should an entity use?
-
What should an entity do if its PCI DSS v3.2.1 assessment will not be complete prior to that standard’s retirement date of 31 March 2024?