The PCI Security Standards Council looks as if they have released that FAQ they have been working on! I can tell you that this is a huge relief for everyone involved (merchants, service providers, QSAs, ASVs, etc.) as the volume of questions that the council was dealing with prevented them from turning around answers quickly.

Course, quickly is a relative term.

But consider their position. Here at VeriSign, we might submit 1 question every couple of months, but other QSAs may submit more. For every question that VeriSign (or any QSA) submits, they must get buy in on the answer from all 5 members before it can be turned around. You can see how this can easily take days or weeks to get answers turned around if you are getting any significant volume per day (say 10 questions per day).

So now that the common ones are up there, this should allow the more challenging interpretation requests to be processed quickly.

This post originally appeared on

Possibly Related Posts: