Archive for June, 2018


The PCI ROC Template v3.2.1 Has Been Released

Just to let everyone know that the new PCI DSS Report On Compliance (ROC) Word template for v3.2.1 has been released and is available at the PCI Portal.  The PDF version is available in the Documents Library at the PCI SSC Web site.


One More Time

Let’s give it another try, shall we?

On Friday, June 15, at 1600 UTC, Noon ET the PCI Dream Team will try, once again, to answer your most difficult PCI questions. We hope to not encounter a technical glitch this time around.

Go to BrightTalk to register for the session.

We look forward to talking to you all.

UPDATE: BrightTalk originally gave me the WRONG link for registration, so the link you might have gotten via email was incorrect.  Please use the link from above to register.

UPDATE: BrightTalk has told us we will be on video as well this time. Wanted to provide fair warning. LOL!

Thank you to everyone who attended our last session.  Excellent questions, even though my computer locked up and knocked me off the internet for around 10 minutes.



ASV Program Modernization Effort

Here is a good one and not the first time this has happened.

According to the PCI SSC’s news release, one or possibly more Approved Scanning Vendors (ASV) have apparently been actively promoting an ‘ASV Program Modernization Effort’.  I have no idea what they would be “modernizing”, but apparently some ASVs think there needs to be modernization of the ASV program.

The bottom line from the Council is that this discussion of a modernization effort is not endorsed by the Council nor is the Council involved in these discussions.  As they stated in bold in the release:

“However, PCI SSC is not a participant in, and in no way endorses, is affiliated with, sponsors, or has contributed to the above-noted ‘ASV Program Modernization Effort.’”

I am betting the ASVs involved in this effort are wishing they were not involved.  The various Codes of Conduct and contracts clearly state that such efforts are not allowed and can result in remediation and even termination of an ASV from the PCI program.

The lesson to be learned here is that if you are an ASV, QSAC, PA-QSAC or in any way affiliated with the PCI Council through one of their programs and you are approached about the ‘ASV Program Modernization Effort’, be polite but ignore it.
