Frequently Asked Questions

< Back to search page

I’m in the middle of a PCI DSS assessment when a new version is released – should I start again using the new version?

FAQ Response

Organizations that have already begun their PCI DSS validation when a new version is released can complete their assessment and validation process to the previous version prior to its retirement. Once the previous version has been retired, all validation efforts must be to the most current PCI DSS version.

As clarifications and additional guidance provided in updated PCI DSS versions may facilitate the implementation of requirements and address current threats, organizations are strongly encouraged to complete their transition to the most current PCI DSS version as early as possible.

May 2015
Article Number 1266