Card Production Security Assessor (CPSA) Qualification

cpsa-landing-page

The instructor led Card Production Security Assessor classes teach you how to perform assessments of entities in accordance with the PCI Card Production and Provisioning Standards. There are two classes available to cover both the physical and logical security requirements that may be required as part of a Card Production Assessment.

Logical Assessor training will cover systems, business processes, and activities associated with card production and provisioning such as Cryptographic Key Management, EMV data preparation, pre-personalization, magnetic stripe and IC personalization, PIN generation and/or printing, and fulfillment.

Physical Assessor training will cover the physical security controls of entities that perform any or all of the following activities:

  • Manufacture of payment cards and other EMV chip-based payment products
  • Magnetic stripe personalization
  • Chip pre-personalization
  • Chip embedding
  • EMV, data-preparation
  • OTA Provisioning
  • HCE provisioning
  • PIN Generation and/or Printing
  • Fulfillment

 

Course Highlights

The PCI Card Production and Provisioning Logical Security Standard provides a set of security requirements and assessment procedures for performing PCI Card Production Logical Security Assessments. 

The Card Production Assessor logical security training covers the PCI Card Production and Provisioning Logical Security Requirements and Testing Procedures (PCI Card Production and Provisioning Logical Security Standard). Candidates will learn how to:

  • Validate and confirm the scope of the Card Production Environment as defined by the assessed entity.
  • Select employees, facilities, systems, and system components accurately representing the assessed environment if sampling is employed.
  • Apply independent judgement about whether the assessed entity meets the PCI Card Production and Provisioning Logical Security Standard.
  • Effectively use the PCI Card Production and Provisioning ROC Reporting Template to produce PCI Card Production and Provisioning Logical Security Reports on Compliance.
  • Validate and attest to an entity’s PCI Card Production and Provisioning Logical Security Standard compliance status.
  • Conduct follow-up assessments as needed.
  • Learn how to complete the PCI Card Production and Provisioning ROC and PCI Card Production and Provisioning AOC documentation required for submission following completion of an assessment.

Benefits

  • Support client’s ongoing security and compliance efforts through your knowledge of the PCI Card Production and Provisioning Logical Security Standard.
  • Gain recognition of your professional achievement with this industry credential.
  • Expand your knowledge in securing the payments chain with an in depth look at how a card production entities systems, key management, and security procedures must meet the PCI Standard.
  • Be included in a searchable directory on the PCI website.

Right for You?

If you want to:

  • Learn more about the Card Production and Provisioning Logical Security Standard.
  • Learn more about the Card Production and Provisioning Physical Security Standard.
  • Perform PCI CPSA Assessments and validate an organization’s compliance status.
badge-cpsa.png

Digital Badging

When you become a Card Production Security Assessor, display your digital badge and represent your skills and gives you a way to share your abilities online in a way that is simple, trusted and can be easily verified in real time.

Schedule

CPSA Physical

  • 4 Mar 2025

    05:00-13:30 ET (10:00-18:30 UTC)

    Virtual Instructor-Led (vILT)

  • 10 Jun 2025

    06:00-14:30 ET (10:00-18:30 UTC)

    Virtual Instructor-Led (vILT)

  • 26 Aug 2025

    09:00-17:30 ET (13:00-21:30 UTC)

    Virtual Instructor-Led (vILT)

  • 11 Nov 2025

    09:00-17:30 ET (14:00-22:30 UTC)

    Virtual Instructor-Led (vILT)

CPSA Logical

  • 6 Mar 2025

    05:00-13:30 ET (10:00-18:30 UTC)

    Virtual Instructor-Led (vILT)

  • 12 Jun 2025

    06:00-14:30 ET (10:00-18:30 UTC)

    Virtual Instructor-Led (vILT)

  • 28 Aug 2025

    09:00-17:30 ET (13:00-21:30 UTC)

    Virtual Instructor-Led (vILT)

  • 13 Nov 2025

    09:00-17:30 ET (14:00-22:30 UTC)

    Virtual Instructor-Led (vILT)

vILT (Virtual Instructor led) classes are a combination of eLearning and a live webinar.

Rectangle-Copy.webp

Become a CPSA when you take this class and become qualified.

Prices

Course Price
New Card Logical Training (eLearning only) USD 3,000

Requalification Card Logical Training

USD 1,800

Knowledge Training Card Logical Non-PO *

USD 1,500

Knowledge Training Card Logical  PO *

USD 1,200

New Card Physical Training (eLearning only)

USD 1,500

Requalification Card Physical Training

USD 1,200

Knowledge Training Card Physical Non-PO *

USD 1,000

Knowledge Training Card Physical PO *

USD 700

Training class change fee

USD 185

Please note: Unless otherwise specified, all fees are in US Dollars.

* Knowledge training does not lead to assessor status.

asv-training.jpg

In order to attend PCI Card Production Security Assessor training for certification, you must be a full-time employee of an active CPSA Company.

How to Prepare for the Exam

Prior to taking the CPSA Logical Security training and exam, candidates should familiarize themselves with information regarding the PCI Card Production and Provisioning Logical Security Standard, the CPSA program, and all other supporting documents available on the PCI Website Document Library.

training-doc-library-2.jpg

This class can also be taken as knowledge training for those that do not require qualification.

 

Training Formats and Exam Information

New Training Offerings:

Each training (Logical and Physical) will include a 6-hour online prerequisite course which must be completed prior to the live webinar.

  • Virtual Instructor-led training (vILT): Combination online training and instructor-led webinar with an exam offered via Pearson Vue within 30 days of webinar.
  • Please see Schedule tab for dates of vILT trainings

New Exam Specifics:

  • All exams are closed book.
  • Exam is 50 multiple choice questions with a 90-minute time limit.
  • Results of Pearson Vue exams are delivered upon completion of the exam.
  • 75% or higher to pass the exam; the only information that can be released concerning exams is your grade.
  • If you fail the exam, you must take the training and exam again and pay a new invoice.

Registration Process

Step 1 – Review

Refer to the CPSA Qualification Requirements for a complete description of the program and its requirements, and to confirm that you are a suitable candidate for the program. Then complete the CPSA registration form online (see step 2).

Step 2 – Apply

Complete the online application form through PCI SSC’s secure portal. Application requirements include:

  • Submit CPSA registration form 
  • Complete company application (Primary Contact will gain access to the online application only after the CPSA registration form has been approved by PCI SSC).
  • Enroll professionals in CPSA training (Primary Contact will have the ability to enroll professionals in CPSA training through the portal only after the CPSA Company application has been approved).
  • Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of CPSA training request approval). For more information about the training fees, please see the CPSA Training Pricing page.

Step 3 - Train

Upon receipt of payment the primary contact will receive the location details for the instructor-led class.

Step 4 - Enrollment

Once the application has been approved by the PCI Security Standards Council, and its designated CPSA employees have attended and passed the CPSA training, the CPSA Company will receive confirmation of acceptance into the program, and the CPSA employees will each receive a Certificate of Qualification. The CPSA employees will be added to the Council’s database of certified CPSA personnel, and the company may now perform its own security audits until the time comes to complete the annual Requalification training to maintain the certification.

Requalification Requirements

In order to maintain the high standards set for this qualification, all CPSAs must requalify every year to continue to maintain their status and be listed on the PCI website.

Requalification requirements help ensure that CPSAs remain current with technical and industry changes and demonstrate professionalism.

To maintain active qualification status, CPSAs must:

  • Complete at least three (3) Logical PCI Card Production Assessments for different facilities over the previous one-year period
  • Complete at least three (3) Physical PCI Card Production Assessments for different facilities over the previous one-year period
  • Abide by the PCI SSC Code of Professional Responsibility
  • Meet the Continuing Professional Education (CPE) requirements:
  • There is no requirement for CPSA Logical Assessors to report CPEs to PCI
  • CPSA (Physical Assessor with no industry certifications) 10 CPE credits per year and a minimum of 30 CPE credits over a rolling three-year period
  • Download the current version of the CPE Maintenance Guide
  • Training provided by PCI SSC will count towards the annual CPE hours.
  • Maintaining professional certification(s) as required
  • Successfully pass annual requalification training

The Council emails courtesy reminders 90 days in advance of your qualification expiry date. To complete the requalification process, the required CPE hours and a requalification registration must be submitted prior to the expiry date and a passing score must be achieved on the exam no later than 14 days after the expiry date.

  • For your convenience, CPE hours can be tracked and stored in the PCI portal at any time (if required). All required CPE hours must be input prior to requalification
  • Once the required number of CPE hours has been recorded, select a requalification option and submit your registration
  • An invoice will be emailed within 2-3 business days
  • You will receive an email containing instructions and credentials to complete the requalification exam within 2 business days of payment processing
  • Once you successfully pass the exam, a new certificate will be emailed, and you’ll be listed on the PCI website as a CPSA for another year

Requalification exam:

  • Non-proctored remote exam
  • Logical – 40 multiple choice questions with a 90-minute time limit.
  • Physical – 50 multiple choice questions with a 90-minute time limit.
  • 75% or higher to pass the exam; the only information that can be released concerning exams is the grade.
  • If you fail the exam, please have the primary contact email registration@pcisecuritystandards.org for the next steps.

Requalification Process

The Council emails courtesy reminders 90 days in advance of your qualification expiry date. To complete the requalification process, the required CPE hours and a requalification registration must be submitted prior to the expiry date and a passing score must be achieved on the exam no later than 14 days after the expiry date.
  • For your convenience, CPE hours can be tracked and stored in the PCI portal at any time (if required). All required CPE hours must be input prior to requalification
  • Once the required number of CPE hours has been recorded, select a requalification option and submit your registration
  • An invoice will be emailed within 2-3 business days
  • You will receive an email containing instructions and credentials to complete the requalification exam within 2 business days of payment processing
  • Once you successfully pass the exam, a new certificate will be emailed, and you’ll be listed on the PCI website as a CPSA for another year

Requalification training, and a training invoice will be issued to the primary contact.