pci-ssc-logo

COVID-19 Impact on P2PE Assessments

Updated: 20 October 2020

The Council is aware that restrictions due to COVID-19 may cause difficulty in completing Annual Revalidations and 3-year Reassessments of P2PE Solutions, P2PE Components and P2PE Applications.

To help address these issues, the Council will provide the following allowances, subject to completion of a corresponding request and attestation:

1. For P2PE Solutions and P2PE Decryption Management Components due for annual revalidation before 30 June 2021:

  • If COVID-19 related restrictions have prevented completion of the annual PCI DSS assessment of the Decryption Environment, PCI SSC will accept the AOV without the PCI DSS assessment box checked.
  • This allowance requires vendor attestation that the applicable P2PE Solution or P2PE Decryption Management Component is adherent to the P2PE Standard and Program requirements, including that the decryption environment continues to adhere to PCI DSS.
  • There will be no change to the Reassessment Date.

2. For P2PE Solutions, P2PE Components, P2PE Applications due for a 3-year Reassessment before 30 June 2021:

  • If COVID-19 related restrictions have prevented the full assessment of the P2PE Product (P2PE Solution, Component, Application), PCI SSC will provide a six-month extension to the Reassessment Date.
  • This extension requires vendor attestation that the applicable P2PE Solution, P2PE Component or P2PE Application is adherent to the P2PE Standard and Program requirements, including that the decryption environment continues to adhere to PCI DSS.

    Contact P2PE@pcisecuritystandards.org for further information.