Frequently Asked Questions

< Back to search page

I’m in the middle of a PCI DSS assessment when a new version is released – should I start again using the new version?

FAQ Response

Organizations that have already begun their PCI DSS validation when a new version is released can complete their assessment and validation process to the previous version prior to its retirement. Once the previous version has been retired, all validation efforts must be to the most current PCI DSS version.

As clarifications and additional guidance provided in updated PCI DSS versions may facilitate the implementation of requirements and address current threats, organizations are strongly encouraged to complete their transition to the most current PCI DSS version as early as possible.

May 2015
Article Number 1266

What are acceptable formats for truncation of primary account numbers?

Does PCI DSS define which versions of TLS must be used?

How does encrypted cardholder data impact PCI DSS scope for third-party service providers?

How does PCI DSS apply to VoIP?

How does encrypted cardholder data impact PCI DSS scope?

Frequently Asked Questions

I’m in the middle of a PCI DSS assessment when a new version is released – should I start again using the new version?

Related Articles