pci-ssc-logo

COVID-19 Impact on P2PE Assessments

The Council is aware that restrictions due to COVID-19 may cause difficulty in completing Annual Revalidations and 3-year Reassessments of P2PE Solutions, P2PE Components and P2PE Applications.

To help address these issues, the Council will provide the following allowances, subject to completion of a corresponding request and attestation:

1. P2PE Products (P2PE Solutions, P2PE Components, P2PE Applications) due for annual revalidation before July 31, 2020:

  • If COVID-19 related restrictions have prevented completion of the annual PCI DSS assessment, PCI SSC will accept the AOV without the PCI DSS assessment box checked.
  • This allowance requires vendor attestation that the applicable P2PE Solution, P2PE Component or P2PE Application is adherent to the P2PE Standard and Program requirements, including that the decryption environment continues to adhere to PCI DSS.
  • There will be no change to the Reassessment Date.

2. P2PE Products (P2PE Solutions, P2PE Components, P2PE Applications) due for a 3-year Reassessment before October 30, 2020:

  • If COVID-19 related restrictions have prevented the full assessment of the P2PE Product (P2PE Solution, Component, Application), PCI SSC will provide a six-month extension to the Reassessment Date.
  • This extension requires vendor attestation that the applicable P2PE Solution, P2PE Component or P2PE Application is adherent to the P2PE Standard and Program requirements, including that the decryption environment continues to adhere to PCI DSS.

    Contact P2PE@pcisecuritystandards.org for further information.