Monday, April 27, 2015

New PCI DSS SAQs for version 3.1

As Emma Sutcliffe mentioned to us at the PCI Workshop last week, the PCI Security Standards Council has today released version 3.1 of the Self-Assessment Questionnaires. At this time they are only available in Microsoft Word format. I expect the PDFs will come later.

In addition, there are two new updates to previous documents. First, there is a new version of Understanding SAQs for PCI DSS v3. I wish they had called it v3.1 to distinguish it from that confusing InfoSupp released last May. I have not read it in detail yet, but I did take a look at the comparison tables. Hallelujah! They removed that horrible, undefined term “acceptance” from the document. That added so much confusion. They also removed the entire “Control of Cardholder Data” comparison completely.

The other updated document is SAQ Instructions and Guidelines v3.1, finally updated from PCI DSS v2. I haven’t had a chance to dig deeply into this either, but I’m sure it will yield some gems I can use in tomorrow’s PowerPoint!

You can find the new documents on the PCI SSC web site in the document library under the SAQs tab. There is also a SAQs v3.1 link on the home page:
