Frequently Asked Questions

< Back to search page

Can I report on my Prioritized Approach progress instead of producing a Report on Compliance or Attestation of Compliance?

FAQ Response

The PCI SSC does not manage the process for reporting PCI DSS compliance. Please check with your acquiring bank or payment card brands for this information.

August 2013
Article Number 1257

Can the “Compliant but with Legal exception” option in the AOC be used to identify where a testing procedure could not be performed due to a legal constraint?

What is an Attestation of Compliance?

Can the AOC be redacted to protect sensitive information?

Can an Attestation of Compliance (AOC) be provided to an assessed entity before the Report on Compliance (ROC) is finalized?

Where can I find unlocked versions of the AOCs and SAQs?

Frequently Asked Questions

Can I report on my Prioritized Approach progress instead of producing a Report on Compliance or Attestation of Compliance?

Related Articles