Some data on this page has not yet been manually verified against official sources. Fields marked "provisional" should be confirmed before citing.
PCI DSS
ActiveFuture-dated requirements from v4.0 became mandatory 31 March 2025. FAQ 1328 is the canonical reference for current version.
Version history
| Version | Status | Published | Retired | Source |
|---|---|---|---|---|
| 4.0.1 | Active | Jun 1, 2024 | — | ↗ |
| 4.0 | Retired | Mar 31, 2022 | Dec 31, 2024 | ↗ |
| 3.2.1 | Retired | May 1, 2018 | Mar 31, 2024 | ↗ |
Supporting documents
| Title | Type | Published | Applies to | Source |
|---|---|---|---|---|
| Guidance for Compensating Controls and the Customized Approach | guidance | Jun 10, 2026 | — | ↗ provisional |
| Vulnerability Management Infographic | guidance | May 28, 2025 | — | ↗ provisional |
| SAQ Instructions and Guidelines | saq | Apr 22, 2025 | 4.0.1 | ↗ provisional |
| Guidance for PCI DSS Requirements 6.4.3 and 11.6.1 | guidance | Apr 22, 2025 | 1161 | ↗ provisional |
| PCI DSS Quick Reference Guide | guidance | Jan 30, 2025 | — | ↗ provisional |
| AOC SAQ A | saq | Jan 30, 2025 | 4.0.1 | ↗ provisional |
| SAQ A | saq | Jan 30, 2025 | 4.0.1 | ↗ provisional |
| Prioritized Approach for PCI DSS | guidance | Jan 29, 2025 | 0.1 | ↗ provisional |
| Prioritized Approach Tool | guidance | Jan 29, 2025 | — | ↗ provisional |
| SAQ D Service Provider | saq | Jan 16, 2025 | 4.0.1 | ↗ provisional |
| ROC Template | template | Jan 16, 2025 | — | ↗ provisional |
| AOC SAQ D - Service Providers | saq | Dec 2, 2024 | 4.01 | ↗ provisional |
| SAQ P2PE | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| SAQ SPoC | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| AOC SAQ SPoC | saq | Oct 11, 2024 | — | ↗ provisional |
| AOC SAQ C | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| AOC SAQ B-IP | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| AOC SAQ B | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| AOC SAQ C-VT | saq | Oct 11, 2024 | 4.01 | ↗ provisional |
| AOC SAQ D - Merchants | saq | Oct 11, 2024 | 4.01 | ↗ provisional |
| AOC SAQ P2PE | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| SAQ D Merchant | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| SAQ A-EP | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| SAQ B | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| SAQ B-IP | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| SAQ C | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| SAQ C-VT | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| AOC SAQ A-EP | saq | Oct 11, 2024 | 4.0.1 | ↗ provisional |
| Supplemental ROC Template - Designated Entities | template | Aug 26, 2024 | — | ↗ provisional |
| AOC for ROC - Service Providers Extra Form - Part 2g | template | Aug 26, 2024 | — | ↗ provisional |
| Supplemental AOC - Designated Entities | template | Aug 26, 2024 | — | ↗ provisional |
| Sample Templates: Customized Approach | template | Aug 26, 2024 | — | ↗ provisional |
| FAQs for use with ROC Template | faq | Aug 26, 2024 | — | ↗ provisional |
| PCI DSS AOC - Service Providers | template | Aug 26, 2024 | — | ↗ provisional |
| PCI DSS AOC - Merchants | template | Aug 26, 2024 | — | ↗ provisional |
| PCI DSS Summary of Changes | standard | Aug 24, 2024 | — | ↗ provisional |
| ASV Resource Guide | guidance | Jul 10, 2024 | — | ↗ provisional |
| PCI DSS | standard | Jun 11, 2024 | — | ↗ provisional |
| PCI DSS v4.0.1 | standard | Jun 1, 2024 | 4.0.1 | ↗ |
| ROC Reporting Template for PCI DSS v4.0.1 | template | Jun 1, 2024 | 4.0.1 | ↗ provisional |
| SAQ A for PCI DSS v4.0.1 | saq | Jun 1, 2024 | 4.0.1 | ↗ provisional |
| Sample Template: TRA for Activity Frequency | template | Nov 27, 2023 | — | ↗ provisional |
| TRA Guidance | guidance | Nov 27, 2023 | — | ↗ provisional |
| AOC for SAQ D - Service Providers Extra Form - Part 2g | saq | Aug 30, 2023 | — | ↗ provisional |
| Extra Compensating Controls Worksheet | template | Apr 17, 2023 | — | ↗ provisional |
| PCI DSS v4.0 At a Glance | guidance | Dec 15, 2022 | — | ↗ provisional |
| FAQs for Designated Entities Supplemental Validation | faq | Jun 14, 2022 | — | ↗ provisional |
| Prioritized Approach Tool | guidance | Jun 1, 2018 | — | ↗ provisional |
| Prioritized Approach Summary of Changes | guidance | May 1, 2016 | — | ↗ provisional |
| Glossary of Terms, Abbreviations, and Acronyms | guidance | Apr 28, 2016 | — | ↗ provisional |
| PCI DSS Designated Entities Supplemental Validation | standard | Jun 1, 2015 | — | ↗ provisional |
| Understanding SAQs for PCI DSS | saq | Apr 27, 2015 | — | ↗ provisional |
| ROC Reporting Template for use with PCI DSS v3.0 - Summary of Changes | template | Jul 1, 2014 | — | ↗ provisional |
| PCI DSS and PA-DSS Version 3.0 Change Highlights | guidance | Aug 1, 2013 | — | ↗ provisional |
| FAQs for use with ROC Reporting Instructions for PCI DSS | template | Sep 1, 2011 | — | ↗ provisional |
| Navigating the PCI DSS | guidance | Oct 28, 2010 | — | ↗ provisional |