In our Preparing for PCI DSS 3.2: What to Expect in 2016 blog post earlier this year, we outlined what to expect with the next version of the standard. As we move closer to publication of 3.2, what are the important dates and milestones to be aware of? Here we look at key dates to help organizations plan for PCI Data Security Standard (PCI DSS) 3.2 and Payment-Application Data Security Standard (PA-DSS) 3.2:

May 2016

PA-DSS 3.2 will be published at the end of the May. The changes in PA-DSS 3.2 align with the changes made in PCI DSS 3.2. Information will be provided to PA-DSS application vendors and assessors on how this update impacts their programs.

PA-DSS 3.2 supporting documents including Report on Validation (ROV) and Attestation of Validation (AOV) forms, as well as Frequently Asked Questions (FAQ) will also be available at the end of the month.

A transition period will be provided to support completion of PA-DSS 3.1 validations already in progress.

October 2016

PCI DSS 3.1 will retire six months after the release of PCI DSS 3.2, and at this time all assessments will need to use version 3.2.

February 2018

The new requirements introduced in PCI DSS will be considered best practices until 31 January 2018. Starting 1 February 2018 they are effective as requirements.

For more information on planned changes in the standard, check out Preparing for PCI DSS 3.2: What to Expect in 2016 .

Subscribe to this blog for the latest information on 3.2 and other PCI updates.