From 6 September to 15 November, PCI SSC stakeholders have the opportunity to provide feedback on the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS). Industry feedback plays an important role in developing and evolving PCI Standards and guidance. Based on this feedback and market need, we will evaluate the need for changes to the standards, and/or additional guidance and resources.
The PCI DSS and PA-DSS are mature standards, addressing essential elements of data security. When implemented and maintained properly, these standards help businesses safeguard payment data and detect, mitigate and prevent criminal attacks and breaches. While the PCI SSC will continue to evolve these standards as needed, the focus looking ahead is how to increase and improve adoption of these data security essentials for businesses of all sizes and types. Specifically, we are working with the industry on ways to provide greater flexibility for organizations to focus on the security controls needed to protect payment data and reduce risk for their payment environments, and to demonstrate that they have these controls in place.
With this in mind, we are taking a new approach to the regular feedback period for the PCI DSS and PA-DSS. In addition to requesting feedback on any area of the standards, we are also asking specific questions designed to help us understand how we can better support organizations in their payment security efforts and increase adoption of these data security essentials for businesses of all sizes and types.
PCI Participating Organizations, Affiliate and Strategic Members, and Qualified Security Assessors (QSA) are invited to participate in the feedback period, which runs from 6 September to 15 November.