The PA-DSS Program Guide v2.0 and Attestation of Validation (AOV) v2.01 are now available for immediate use.
These document updates are primarily about alignment and clarification. They don’t represent a change to the PA DSS standard.
Software vendors will be particularly interested in the pricing guide which details the fees charged by the PCI SSC for listing applications, and the associated transition FAQ. Amongst the changes contained within the new Program Guide are details of “minor change” classifications, now referred to as “No-Impact”, “Low-Impact” or “High-Impact”. In short, only a “High-Impact” change to an application would trigger a complete reassessment, although there’s plenty of detail about what needs to be done in the event of No or Low impact changes being identified.
Sample PCI DSS Penetration Testing Policy
Sample PCI Penetration Testing Procedures