The Prioritized Approach provides guidance that helps merchants identify how to reduce risk to cardholder data as early as possible in their compliance journey. The tool groups the requirements of PCI DSS 1.2 into six key milestones for merchants to consider in their card data security strategy.
The Prioritized Approach for PCI DSS 1.2 was created with input from the PCI SSC Board of Advisors, and informed by insight from real-world results of data compromises shared by the assessment community. The Prioritized Approach offers guidance on how to focus PCI DSS implementation efforts in a way that expedites the security of cardholder data. It also:
- Helps businesses identify highest risk targets
- Creates a common language around PCI DSS implementation efforts
- Enables merchants to demonstrate progress on the compliance process to key stakeholders: banks, acquirers, QSAs, others
Prioritized Approach Guide and Worksheet
- Download the Prioritized Approach for PCI DSS 2.0 (pdf)
- Download the accompanying Prioritized Approach tool (xls), including milestones, approach summary, and attestation of compliance (requires Excel 2003 or later)
Prior to completing the PCI SSC Prioritized Approach Tool, please ensure that your version of Microsoft Excel is properly configured. The option to "Extend data range formats and formulas" must be unchecked in order to return accurate results. Complete instructions are available here.
To achieve PCI DSS compliance, an organization must meet all PCI DSS requirements, regardless of the order in which they are satisfied or whether the organization seeking compliance follows the PCI DSS Prioritized Approach. These documents do not modify or abridge the PCI DSS or any of its requirements, and may be changed without notice.
PCI SSC is not responsible for errors or damages of any kind resulting from the use of the information contained herein. PCI SSC makes no warranty, guarantee, or representation as to the accuracy or sufficiency of the information provided herein, and assumes no responsibility or liability regarding the use or misuse of such information.
© 2009 PCI Security Standards Council LLC. The intent of these documents is to provide supplemental information, which does not replace or supersede PCI SSC Security Standards or their supporting documents.