Request for Comments
Provide Valuable Feedback
The PCI Security Standards Council (PCI SSC) highly values feedback from the global payment card industry in the development of PCI Security Standards and programs. Dedicated comment periods are one of the several ways that PCI SSC solicits feedback from stakeholders.
Request for Comments (RFC) periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards. This feedback plays a critical role in the ongoing maintenance and development of these resources for the payment card industry.
All comments will be available for viewing by those who participated in that RFC. Your comment(s), your organization’s name, and how PCI SSC actioned your feedback comments will be made available in the PCI SSC portal.
PCI SSC has developed detailed and easy-to-understand guidance on its official RFC process. To learn more, please check out the PCI Perspectives Blog, RFC Process Guide, RFC-at-a-Glance infographic and What to Know Before Participating in a PCI SSC RFC resource guide.
Current and Upcoming RFCs
|PCI Secure Software Standard v1.2.1
|Participating Organizations; PCI Recognized Labs; Qualified Security Assessors; Software Security Framework Assessors (Secure Software & Secure SLC); Card Production Security Assessors; Qualified PIN Assessors.
* Future RFC dates are estimates and subject to change.
For additional information about current RFCs or details about previous RFCs, please use your secure credentials to log into the PCI SSC portal.
When participating in an RFC, follow these steps to ensure your time is spent effectively and to facilitate quality contributions to PCI SSC standards and programs.