This page tries to capture the sites and links that can help organisations gather the information they need to understand the Payment Card Industry Data Security Standards.
UPDATE IN PROGRESS – 11th April 2024
PCI (DSS, PA, SSF, P2PE, SSC) Reference sites and documents
- Payment Card Industry official standards website
- PCI DSS Overview
- List of QSA Companies. Qualified Security Advisors (QSA) have been tested by the PCI SSC and have appropriate indemnity insurance to cover their work and the countries they work in.
- Verify a QSA Employee. Is the QSA actually certified for the work you want them to undertake? Find out by using the link.
- Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of Internet-facing environments of merchants and service providers.
- Part One: Conceptual Differences Between SSF and PA-DSS
- 7th December 2022 New Web Software Module Introduced in PCI Secure Software Standard Version 1.2
- Qualification Requirements For Approved Scanning Vendors (ASV)
Industry Sites
- PCI Standards Council
- PCI Standards Council FAQs
- PCI Standards Council Newsroom
- American National Standards Institute
- Center for Internet Security
- Cloud Security Alliance
- European Union Agency for Cybersecurity
- The FIDO Alliance
- International Organization for Standardization
- The UK National Cyber Security Centre
- National Institue of Standards and Technology
- Open Web Application Security Project
- Software Assurance Forum for Excellence in Code
If you see a broken link, noticed something missing, or think something needs to be added please tell me.
.
Brian Pennington 
Leave a comment