The AOC is a document that confirms an entity’s compliance with PCI DSS requirements. It is signed by the entity (merchant or service provider) and the Qualified Security Assessor (QSA) if a QSA is involved.
Different AOC Templates:
PCI DSS provides distinct templates for service providers and merchants, tailored to their respective roles and responsibilities within the cardholder data environment (CDE).
Invalid Options:
B:PCI SSC does not sign AOCs; they are signed by the merchant/service provider and the QSA.
C:AOCs differ between ROCs and SAQs, so the same template is not universally used.
D:Both the merchant/service provider and the QSA/ISA (Internal Security Assessor) must sign the AOC when applicable.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit