PCI DSS Requirements V 4.0.1

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance payment account data security and facilitate the broad adoption of consistent data security measures globally. 

PCI DSS provides a baseline of technical and operational requirements designed to protect account data. While specifically designed to focus on environments with payment account data, PCI DSS can also be used to protect against threats and secure other elements in the payment ecosystem.


PCI DSS Resources

The PCI Security Standards Council (PCI SSC) website (www.pcisecuritystandards.org) provides the following additional resources to assist organizations with their PCI DSS assessments and validations:

• Document Library, including:
  – PCI DSS Summary of Changes
  – PCI DSS Quick Reference Guide
  – Information Supplements and Guidelines
  – Prioritized Approach for PCI DSS
  – Report on Compliance (ROC) Reporting Template and Reporting Instructions
  – Self-Assessment Questionnaires (SAQs) and SAQ Instructions and Guidelines
  – Attestations of Compliance (AOCs)
• Frequently Asked Questions (FAQs)
• PCI for Small Merchants website
• PCI training courses and informational webinars
• List of Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs)
• Lists of PCI approved devices, applications, and solutions

There are over 60 guidance documents and information supplements available on the PCI SSC website that provide specific guidance and considerations for PCI DSS. Examples include:

• Guidance for PCI DSS Scoping and Network Segmentation
• PCI SSC Cloud Computing Guidelines
• Multi-Factor Authentication Guidance
• Third-Party Security Assurance
• Effective Daily Log Monitoring
• Penetration Testing Guidance
• Best Practices for Implementing a Security Awareness Program
• Best Practices for Maintaining PCI DSS Compliance
• PCI DSS for Large Organizations
• Use of SSL/Early TLS and Impact on ASV Scans
• Use of SSL/Early TLS for POS POI Terminal Connections
• Tokenization Product Security Guidelines
• Protecting Telephone-Based Payment Card Data

Refer to the Document Library at www.pcisecuritystandards.org for information about these and other resources.

In addition, refer to Appendix G for definitions of PCI DSS terms.
