Qualys Blog


QualysGuard PCI: Determine Your Compliance Gaps and Take Action to Ensure Full Compliance


The new Self-Assessment Questionnaire (SAQ) Version 1.1, issued by the Payment Card Industry (PCI) Security Standards Council (PCI SSC), is now available within QualysGuard PCI. Implementation of the new SAQ allows customers to complete all versions of the questionnaire online and e-file it securely with their acquiring banks. The SAQ is available at https://www.pcisecuritystandards.org/tech/saq.htm and consists of four unique forms to meet various business scenarios.

The SAQ is for use primarily by Level 2, 3 and 4 merchants (and some smaller service providers), as defined by the major credit-card brands (Visa Inc., MasterCard Worldwide, Discover Financial Services, American Express and JCB International), to validate compliance with the PCI Data Security Standards (PCI DSS). The PCI SSC updated SAQ version 1.0 to better align with PCI DSS version 1.1 and created four variants to ensure merchants only answer questions relevant to their environment. Each of the four variants, labeled A, B, C and D, has qualifying questions used to determine which of the four questionnaires a merchant is required to complete.

QualysGuard fully supports all four types of questionnaires, labeled A-D, including the ability to enter online comments for compensating controls, provide a remediation action plan for non-compliant sections, complete the attestation of the assessment and electronically sign the SAQ online. More details on the QualysGuard PCI implementation or SAQ 1.1 are available in the PCI Questionnaires chapter of http://www.qualys.com/docs/QG_PCI_GSG.pdf.
