PCI DSS

Download Free PCI DSS Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Download Free Payment Card Industry Data Security Standards (PCI DSS) Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Requirement 6: Develop and maintain secure systems and applications

Download Free PCI DSS Technical and Operational Requirements for Approved Scanning Vendors (ASVs) v 1.1

This document provides guidance and requirements applicable to ASVs in the framework of the PCI DSS and associated payment brand data protection programs. Security scanning companies interested in providing scan services in conjunction with the PCI program must comply with the requirements set forth in this document and must successfully complete the PCI Security Scanning Vendor Testing and Approval Process.

Download Free PCI DSS Validation Requirements for Approved Scanning Vendors (ASVs) v 1.1

To be recognized as an ASV by PCI SSC, the ASV, ASV employees, and the ASV's scanning solution must meet or exceed the requirements described in this document and execute the “PCI ASV Compliance Test Agreement” attached as Appendix A (the “Agreement”) with PCI SSC. The companies that qualify are identified on PCI SSC’s ASV list on PCI SSC’s web site in accordance with the Agreement.

Download Free DSS Validation Requirements for Qualified Security Assessors (QSAs) v 1.1a

To be recognized as a QSA by PCI SSC, QSAs must meet or exceed the requirements described in this document and execute the QSA Agreement with PCI SSC attached to this document as Appendix A (the “Agreement”).

Download Free PCI DSS Summary of Changes

The Payment Card Industry Data Security Standard (DSS) v 1.1 has replaced the DSS v. January 2005, and the PCI Security Standards Council will no longer recognize DSS v. 2005 after December 31, 2006. This Summary of Changes document provides an overview of the significant differences between the two versions.

Download Free PCI DSS Security Scanning Procedures

This document explains the purpose and scope of the Payment Card Industry (PCI) Security Scan for merchants and service providers who undergo PCI Security Scans to help validate compliance with the PCI Data Security Standard (DSS). Approved Scanning Vendors (ASVs) also use this document to assist merchants and service providers in determining the scope of the PCI Security Scan.

Download Free PCI DSS Security Assessment Procedures

This document is designed for use by assessors conducting onsite reviews for merchants and service providers required to validate compliance with Payment Card Industry (PCI) Data Security Standard (DSS) requirements. The requirements and assessment procedures presented in this document are based on the PCI DSS.
