From 29 May 2020 to 30 June 2020, PCI SSC stakeholders can participate in a Request for Comments (RFC) on PIN v3.1 Standard draft.
Background on the PIN v3.1 Standard Draft
This is a minor revision that is primarily oriented to errata, including updating Appendix A – Applicability of Requirements. Significant changes include:
- Effective January 2023, RSA keys used to convey or transport other keys must be of equal or greater strength then the keys they encrypt
- Normative Annex C- Minimum and Equivalent Key Sizes and Strengths for Approved Algorithms was rewritten for clarity and to align with nomenclature used in NIST publications.
RFC Process
The RFC will be available through the PCI SSC portal, including instructions on how to access the document and submit feedback. Primary contacts for each eligible organization can access the PIN v3.1 Standard Draft via the Portal. Eligible RFC participants will be required to accept a Non-Disclosure Agreement (NDA) to download the document.
Per the RFC process, every piece of feedback will be reviewed and considered, and PCI SSC will prepare a summary for RFC participants showing all feedback received and how it was addressed. Please review the RFC Process Guide for more information.
Please note that PCI SSC can only accept comments that are received via the PCI SSC portal within the defined RFC period.
