Frequently Asked Questions

< Back to search page

What is the involvement of the PCI SSC on the compliance validation processes for PCI DSS assessments and scan reports?

FAQ Response

While the PCI Security Standards Council (PCI SSC) manages the security standards and provides training for security assessors, we do not enforce compliance or define validation reporting requirements. Compliance validation programs are maintained by the individual payment brands, including requirements on how and who needs to validate compliance. The PCI SSC recommends that entities contact their acquirer and/or the payment brands directly, as applicable, to understand their validation reporting requirements. Please contact the payment brands directly.

March 2011
Article Number 1212