Detailed PCI DSS Requirements and Security Assessment Procedures
The following defines the column headings for the PCI DSS Requirements and Security Assessment Procedures:
- PCI DSS Requirements — This column defines the Data Security Standard requirements; PCI DSS compliance is validated against these requirements.
- Testing Procedures — This column shows processes to be followed by the assessor to validate that PCI DSS requirements have been met and are “in place.”
- Guidance — This column describes the intent or security objective behind each of the PCI DSS requirements. This column contains guidance only, and is intended to assist understanding of the intent of each requirement. The guidance in this column does not replace or extend the PCI DSS Requirements and Testing Procedures.
Note: PCI DSS requirements are not considered to be in place if controls are not yet implemented or are scheduled to be completed at a future date. After any open or not-in-place items are addressed by the entity, the assessor will then reassess to validate that the remediation is completed and that all requirements are satisfied.
Please refer to the following resources (available on the PCI SSC website) to document the PCI DSS assessment: