Request for Comments: SPoC Unsupported Operating Systems Annex

From 6 January 2021 to 4 February 2021, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the new SPoC Unsupported Operating Systems Annex draft.

Background on the SPoC Unsupported Operating Systems Annex
The Council has drafted a new, optional, Software-based PIN Entry on COTS (SPoC)™ Annex for Unsupported Operating Systems (“Unsupported OS Annex”). The purpose of this optional Annex is to provide additional security and testing requirements for SPoC solutions, to allow solution providers to develop SPoC solutions that merchants can use on COTS devices with unsupported operating systems.

Adding support for COTS devices with unsupported operating systems allows merchants without access to modern COTS devices, and merchants who are unable to upgrade their COTS devices, to use the security of a SPoC solution. The security and testing requirements, described in the Unsupported OS Annex, are intended to protect the confidentiality and integrity of PINs captured on COTS devices with an unsupported operating system.

RFC Process
The RFC will be available through the PCI SSC portal, including instructions on how to access the document and submit feedback. Primary contacts for each eligible organization can access the SPoC Unsupported Operating Systems Annex draft via the Portal. Eligible RFC participants will be required to accept a Non-Disclosure Agreement (NDA) to download the document.

Per the RFC process, every piece of feedback will be reviewed and considered, and PCI SSC will prepare a summary for RFC participants showing all feedback received and how it was addressed. Please review the RFC Process Guide for more information.

Please note that PCI SSC can only accept comments that are received via the PCI SSC portal within the defined RFC period.

Also on the blog: What to Know Before Participating in a PCI SSC RFC