Frequently Asked Questions

Does the council have a mapping between PCI DSS and ISO 27002 (formerly ISO 17799) or other standards?

FAQ Response

There is no direct correlation between PCI DSS and ISO 27002. The ISO standards provide a framework for implementing an information security program while PCI DSS provides a baseline of technical and operational requirements for the protection of payment card data. Work performed to implement an ISO standard is a good start to becoming PCI DSS compliant, and can provide input and support for PCI DSS compliance efforts. The PCI Security Standards Council does not have a document that maps PCI DSS to other standards. However, other standards organizations may have this type of mapping available.

February 2008
Article Number 1131