Frequently Asked Questions

< Back to search page

I’m in the middle of a PCI DSS assessment when a new version is released – should I start again using the new version?

FAQ Response

Organizations that have already begun their PCI DSS validation when a new version is released can complete their assessment and validation process to the previous version prior to its retirement. Once the previous version has been retired, all validation efforts must be to the most current PCI DSS version.

As clarifications and additional guidance provided in updated PCI DSS versions may facilitate the implementation of requirements and address current threats, organizations are strongly encouraged to complete their transition to the most current PCI DSS version as early as possible.

May 2015
Article Number 1266

Does PCI DSS define which versions of TLS must be used?

How does encrypted cardholder data impact PCI DSS scope for third-party service providers?

What are acceptable formats for truncation of primary account numbers?

How can an entity meet PCI DSS requirements for PAN masking and truncation if it has migrated to 8-digit BINs?

Does the use of expired PTS POI devices meet eligibility criteria for SAQ B-IP?

Frequently Asked Questions

I’m in the middle of a PCI DSS assessment when a new version is released – should I start again using the new version?

Related Articles