The PCI Security Standards Council (PCI SSC) highly values feedback from the global payment card industry in the development of PCI Security Standards and programs. Dedicated comment periods are one of the several ways that PCI SSC solicits feedback from stakeholders.
Request for Comments (RFC) periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards. This feedback plays a critical role in the ongoing maintenance and development of these resources for the payment card industry. All comments will be available for viewing by those who participated in that RFC. Your comment(s), your organization’s name, and how PCI SSC actioned your feedback comments will be made available in the PCI SSC portal.
PCI SSC has developed detailed and easy-to-understand guidance on its official RFC process. To learn more, please check out the PCI Perspectives Blog, RFC Process Guide, RFC-at-a-Glance infographic and What to Know Before Participating in a PCI SSC RFC resource guide.
RFC
Dates*
Open to
Draft PCI Secure SLC Standard v2.0
Q4 2024 - Q1 2025
Draft PCI Secure Software Standard v2.0
Q1 2025
PCI Key Management Operations (KMO) Security Requirements v1.0 RFC
Quarter 1, 2025
PCI PTS Hardware Security Module (HSM) v5.0 RFC2
Q2 2025
* Future RFC dates are estimates and subject to change.
For additional information about current RFCs or details about previous RFCs, please use your secure credentials to log into the PCI SSC portal.
Our website uses both essential and non-essential cookies (further described in our Privacy Policy) to analyze use of our products and services. By clicking “ACCEPT” below, you are agreeing to our use of non-essential cookies to provide third parties with information about your usage and activities. If you click “DECLINE” below, we will continue to use essential cookies for the operation of the website.
