PA-DSS Program Guide v2.0

The PA-DSS Program Guide v2.0 and Attestation of Validation (AOV) v2.01 are now available for immediate use.

These document updates are primarily about alignment and clarification. They don’t represent a change to the PA-DSS standard.

Software vendors will be particularly interested in the pricing guide, which details the fees charged by the PCI SSC for listing applications, and in the associated transition FAQ. Amongst the changes contained within the new Program Guide are details of the “minor change” classifications, now referred to as “No-Impact”, “Low-Impact” or “High-Impact”. In short, only a “High-Impact” change to an application would trigger a complete reassessment, although there’s plenty of detail about what needs to be done when No-Impact or Low-Impact changes are identified.

Useful reading:

Sample PCI DSS Penetration Testing Policy
https://www.ambersail.com/wp-content/uploads/2018/07/Penetration-Testing-Policy-Ambersail-Sample.pdf

Sample PCI Penetration Testing Procedures
https://www.ambersail.com/wp-content/uploads/2018/07/Penetration-Testing-Procedure-Ambersail-Sample.pdf
