PCI-DSS

standard

PCI DSS is an information security standard for organizations that handle branded credit cards from the major card schemes.

Release Released Acceptance
4.0.1 6 months ago
(11 Jun 2024)
Yes
4.0 2 years and 8 months ago
(31 Mar 2022)
Ends in 2 weeks and 6 days
(31 Dec 2024)
3.2.1 6 years ago
(01 May 2018)
Ended 8 months ago
(31 Mar 2024)
3.2 8 years ago
(01 Apr 2016)
Ended 5 years and 11 months ago
(31 Dec 2018)
3.1 9 years ago
(01 Apr 2015)
Ended 8 years ago
(31 Oct 2016)

The period for which an entity’s PCI DSS assessment result is valid does not change if the standard against which the entity was assessed has been retired1.

  • Future-dated new requirements introduced in v4.0 will become effective on 31st March 2025.
  • PCI DSS v3.2.1 was retired on 31st March 2024. Changes from v3.2.1 to v4 are documented in the Summary of Changes
  • PCI DSS v3.2 remained valid till 31 December 2018 and was retired on 1 January 2019.
  • PCI DSS v3.1 retired on 31 October 2016. The new requirements introduced in PCI DSS v3.2 were considered best practices until 31 January 2018. Starting 1 February 2018 they are effective as requirements and must be used.
  1. https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/Does-an-entity-s-PCI-DSS-assessment-result-expire-when-the-standard-against-which-the-entity-was-assessed-is-retired/ ↩

More information is available on the PCI-DSS website.


You can submit an improvement to this page on GitHub :octocat: . This page has a corresponding Talk Page.

A JSON version of this page is available at /api/pci-dss.json. See the API Documentation for more information. You can subscribe to the iCalendar feed at /calendar/pci-dss.ics.