Frequently Asked Questions

< Back to search page

How frequently will the PCI Security Standards Council update the PCI DSS and PA-DSS?

FAQ Response

To minimize changes to the standards, the PCI Security Standards Council (PCI SSC) has established a lifecycle approach for PCI DSS and PA-DSS, where version changes to the standards will occur every 3 years. The 3-year standards lifecycle also allows for changes “out-of-cycle” as needed to address critical issues or errata.

To ensure that organizations have time to achieve compliance with new versions of the standards, certain new requirements may be phased in with future effective dates.

December 2008
Article Number 1061