UPDATE: The ROC Reporting Template is available as a PDF on the Document Library page after the Reporting Template and Forms banner almost all the way down the page. The Word version of the ROC Reporting Template is now available from the PCI Portal. No word yet on the PA-DSS and ROV Reporting Template.
Yes, the PCI SSC released the final version of the PCI DSS v3.2, an updated Glossary and Summary of Changes document on their Web site this morning, but we are missing a key piece. The Report On Compliance (ROC) Reporting Template.
Why is that important you might ask?
The ROC Reporting Template is the document that contains all of the tests that a QSA/ISA needs to conduct to prove that an organization is PCI compliant. It tells you and your QSA/ISA the evidence needed to gather, how to gather the evidence and level of effort required. Without that information, an assessment under v3.2 cannot be performed. Let alone do we truly know the breadth and depth of the changes the Council has made.
The Council promised on their Webinar a month ago that all documents would be released on the same date. But as of this writing, the ROC Reporting Template is missing in action.
Until we have that document, we have nothing.
Also of note is that the PA-DSS v3.2 and its related Report On Validation Reporting Template are also missing in action as well.