Skip to the main content.
Contact
Contact

1 min read

Is Your Payment Application Ready to Leap to PA-DSS Version 3.2?

Is Your Payment Application Ready to Leap to PA-DSS Version 3.2?

With the release of PA-DSS 3.2, on June 8th, the PCI Council has provided sunset dates for PA-DSS 3.1 applications and application listing. Key item to note is that ROVs and changes for payment applications validated according to PA-DSS v3.1 may be submitted through 31 August 2016.  As of 1 September 2016, all new ROVs must be validated according to PA-DSS v3.2.

The table below gives a breakdown of the dates you should be aware of for your payment applications.

Lifecycle Dates for PA-DSS PA-DSS 3.1 PA-DSS 3.2
Effective Date: Submissions will be accepted from this date. 1 June 2015 1 June 2016
Standard Expiry Date: Submissions for new application listings and high impact changes will not be accepted after this date. 31 August 2016 TBD
Application Listing Expiry Date: All applications will be moved to "Pre-Existing Deployments" list. 28 October 2019 28 October 2022
Changes accepted until: Low impact and no impact changes for listed applications. 28 October 2019 28 October 2022

What if I am currently in the process of validation?

This is a common question we get asked as does the PCI Council. In their publication the council addresses this with the following statement:

”While PCI SSC is unable to grant any extensions past 31 August 2016, assessors/vendors will have until 30 November 2016 to resolve and resubmit ROVs or change submissions for which PCI SSC requests additional clarification or action, as long as the completed ROV and all supporting documentation was submitted to PCI SSC and the corresponding invoice was paid in full prior to 12:00AM EDT 1 September 2016.”

Thus if you are in the middle of an assessment, you should make a priority to complete it prior to August 31, 2016. If you believe that you will not be complete prior to the end of August, or are thinking of starting a PA-DSS validation, you will need to align to PA-DSS 3.2.

If you are unsure about what to do next, give Control Gap a call and we will help you navigate the compliance waters.

What's changed in PA-DSS 3.2? Impacts to Vendors, Implementers, and Operators.

1 min read

What's changed in PA-DSS 3.2? Impacts to Vendors, Implementers, and Operators.

Recently, Control Gap posted an article performing a detailed analysis of the recent changes in the DSS due to 3.2. We do this because the...

Read More
Just like spring - a new version of PCI DSS will come early this year!

1 min read

Just like spring - a new version of PCI DSS will come early this year!

Last week the PCI Standards Council commented on the upcoming DSS 3.2 update and what it means for the rest of 2016. Ever since the sunset of SSL...

Read More
PCI DSS Version 3.1 Has Arrived

1 min read

PCI DSS Version 3.1 Has Arrived

The PCI Security Standards Council today published the expected update to PCI releasing these documents including some specific migration guidance:

Read More