
Updating PCI DSS SAQs to 3.2: The Changes You Should Know

PCI DSS 3.2 has added requirements to, and removed requirements from, the SAQs.



If you’re new to the PCI DSS, you might not know much about Self-Assessment Questionnaires (SAQs). SAQs are used to help businesses validate and prove their compliance with the PCI DSS.

As you may know, PCI DSS 3.2 was released on April 28, 2016. On October 31, 2016, PCI DSS 3.1 will retire, and all assessments will need to use the PCI DSS version 3.2 SAQs.

SEE ALSO: PCI DSS 3.2 Changes: What Your Business Needs to Know

New SAQ Requirements 

So what has changed with the SAQs? While there aren’t any new SAQ types or changes to SAQ descriptions, a fair number of requirements have been added or removed.



Here’s an overview of the requirement changes in each PCI DSS SAQ:
  • SAQ A added 8 more requirements (multi-factor authentication, improved user access controls, etc.) 
  • SAQ A-EP added 52 more requirements (firewall configuration and documentation rules, coding procedures, intrusion detection and prevention systems, etc.)
  • SAQ B remained the same 
  • SAQ B-IP added one more requirement (multi-factor authentication) 
  • SAQ C-VT added 6 more requirements (multi-factor authentication, improved user access controls, etc.) 
  • SAQ C added 21 more requirements (multi-factor authentication, user access controls, etc.)
  • SAQ D added 15 more requirements (cryptographic architecture documentation, semi-annual penetration tests on segmentation, etc.) 
  • SAQ P2PE removed 2 requirements (masking and emailing unencrypted PAN data) 

These SAQ changes reflect the changes made in PCI DSS 3.2, including multi-factor authentication, penetration testing requirements, and clarifications on masking and encryption.

SEE ALSO: PCI DSS Supplemental Guide to Scope: Understanding PCI DSS Scope and Segmentation

What does each SAQ cover? 

Each SAQ handles a different aspect of a business’s payment process. Here’s a quick chart on each SAQ and what it covers.
