From 24 June to 26 July 2021, PCI SSC stakeholders are invited to review and provide feedback on the draft PCI PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Security Requirements during a 30 day request for comments (RFC) period.
The RFC will be available to primary contacts through the PCI SSC portal, including instructions on how to access the document and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.
Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.
Background on the PTS HSM Security Requirements
PTS HSM Security Requirements are designed to ensure HSM devices provide the strongest protection for critical data elements used in card verification, PIN processing, chip transaction processing, payment card personalization, secure cryptographic key loading, remote HSM administration and other payment and authentication activities.
The updates in the RFC are designed to address industry needs by:
- Adding a new module for Cloud Based HSMs as a Service – Multi-tenant Usage Security Requirements
- Requiring support for ANSI and ISO standards based Key Blocks
- Requiring support for AES
Please review the RFC Process Guide and our resource guide: What to Know Before Participating in a PCI SSC RFC for more information on the PCI SSC RFC process.