Request for Comments
Provide Valuable Feedback
The PCI Security Standards Council (PCI SSC) highly values feedback from the global payment card industry in the development of PCI Security Standards and programs. Dedicated comment periods are one of the several ways that PCI SSC solicits feedback from stakeholders.
Request for Comments (RFC) periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards. This feedback plays a critical role in the ongoing maintenance and development of these resources for the payment card industry.
All comments will be available for viewing by those who participated in that RFC. Your comment(s), your organization’s name, and how PCI SSC actioned your feedback comments will be made available in the PCI SSC portal.
PCI SSC has developed detailed and easy-to-understand guidance on its official RFC process. To learn more, please check out the PCI Perspectives Blog, RFC Process Guide, RFC-at-a-Glance infographic and What to Know Before Participating in a PCI SSC RFC resource guide.
Current and Upcoming RFCs
|PCI TSP Security Requirements v1.0||March/April 2023||Participating Organizations; Qualified Security Assessors; Software Security Framework Assessors; Card Production Security Assessors; Qualified PIN Assessors;|
|PCI P2PE: Security Requirements and Testing Procedures, v3.1||April/May 2023||Participating Organizations; P2PE Assessors; P2PE Application Assessors; Qualified Security Assessors; Qualified PIN Assessors;|
* Future RFC dates are estimates and subject to change.
For additional information about current RFCs or details about previous RFCs, please use your secure credentials to log into the PCI SSC portal.
The RFC Process is for all PCI Security Standards—both new standards under development and existing standards subject to revision.
Request for comment (RFC) periods are opportunities for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards.
When participating in an RFC, follow these steps to ensure your time is spent effectively and to facilitate quality contributions to PCI SSC standards and programs.