Glossary
This document defines terms used in DSS and the other resources available to approved scanning vendors and qualified security assessors.
English - Glossary: pdf
Spanish - Glossary: pdf
Chinese - Glossary: pdf
PCI DSS Summary of Changes
The Payment Card Industry Data Security Standard (DSS) v1.2 replaced DSS v1.1 on October 1, 2008. This Summary of Changes document provides an overview of the significant differences between the two versions.
English - Summary of Changes: pdf
PCI DSS 1.2 FAQs
In the frequently asked questions document you will find information about the changes from version 1.1 to 1.2.
English - PCI DSS 1.2 FAQs: pdf
Navigating PCI DSS Document
This document describes the 12 Payment Card Industry Data Security Standard (PCI DSS) requirements, along with guidance to explain the intent of each requirement. It is intended to assist merchants, service providers, and financial institutions who may want a clearer understanding of the Payment Card Industry Data Security Standard, and of the specific meaning and intention behind the detailed requirements to secure system components (servers, network, applications, etc.) that support cardholder data environments.
English - Navigating PCI DSS Document: pdf
Spanish - Navigating PCI DSS Document: pdf
Attestations of Compliance/Validation
The Attestation is your certification that you are eligible to perform and have performed the appropriate Self-Assessment.
AOC - Merchants v1.2: doc
AOC - Service Providers v1.2: xls
Prioritized Approach for PCI DSS 1.2
The Prioritized Approach offers guidance on how to focus PCI DSS 1.2 implementation efforts in a way that expedites the security of cardholder data. It also helps businesses identify the highest-risk targets, creates a common language around PCI DSS implementation efforts, and enables merchants to demonstrate progress on the compliance process to key stakeholders – banks, acquirers, QSAs, and others.
Prioritized Approach for PCI DSS 1.2: pdf
Prioritized Approach tool: xls
DSS Validation Requirements for Qualified Security Assessors (QSAs)
To be recognized as a QSA by PCI SSC, QSAs must meet or exceed the requirements described in this document and execute the QSA Agreement with PCI SSC attached to this document as Appendix A (the "Agreement").
English - DSS Validation Requirements for Qualified Security Assessors: doc
Supplement for Principal-Associate Qualified Security Assessors
English - Supplement for Principal-Associate Qualified Security Assessors: doc
PCI DSS Validation Requirements for Approved Scanning Vendors (ASVs)
To be recognized as an ASV by PCI SSC, the ASV, ASV employees, and the ASV's scanning solution must meet or exceed the requirements described in this document and execute the "PCI ASV Compliance Test Agreement" attached as Appendix A (the "Agreement") with PCI SSC. The companies that qualify are identified on PCI SSC’s ASV list on PCI SSC’s web site in accordance with the Agreement.
English - PCI DSS Validation Requirements for Approved Scanning Vendors: doc
Information Supplements
Requirement 11.3 Penetration Testing - Information Supplement: pdf
Requirement 6.6 Application Reviews and Web Application Firewalls Clarified - Information Supplement: pdf
Additional Documents - ASV
PCI ASV Compliance Test Agreement - Coming Soon
ASV Feedback Form - Brands and Others - English: doc
ASV Feedback Form - Client - English: doc
Additional Documents - QSA
PCI Qualified Security Assessor (QSA) Agreement - Coming Soon
QSA Feedback Form - Brands and Others - English: doc
QSA Feedback Form - Client - English: doc