Anyone who relies on the PCI FAQ site for guidance may have noticed some changes in the last few months. In fact if you bookmarked some of the links you’ll have discovered that several went completely missing. The council periodically revises and clarifies the content of FAQs; however, this time they altered several of the questions which changed the permalinks. The main thrust of the change was to move away from the misleading term “Scope reduction”. You can still search on the “article number” to find your favorite FAQ, or you may need to use the search page options for “Most Recently Updated” under featured FAQ articles.

By our count, there are some 248 FAQs that have been published since 2008 when the Council launched the FAQ site. Only a small number  have been changed, and only 4 were renamed :

• 1086 “How does encrypted cardholder data impact PCI DSS scope?”, which has undergone several clarification rounds, used to be “Is encrypted cardholder data in scope for PCI DSS?”
• 1158 “What effect does the use of a PCI-listed P2PE solution have on a merchant's PCI DSS validation?” used to be “Are merchants using Council-listed P2PE solutions out of scope for PCI DSS?”
• 1162 “Can merchants use encryption solutions not listed on the PCI Council's website to reduce their PCI DSS validation effort?” used to be “Can merchants use encryption solutions not listed on the Council’s website for PCI DSS scope reduction?”
• 1233 “How does encrypted cardholder data impact PCI DSS scope for third-party service providers?” used to be “Are third-party storage providers storing only encrypted cardholder data in scope for PCI DSS?”

If you have ever wanted to see all the FAQ's in one place, you may be interested in our Index of PCI Frequently Asked Questions.

If you want to learn more about ways to simplify your compliance, we recommend “PCI Footprints: 7 Ways To Simplify Compliance, Reduce Risk And Save Money”