As you wade through the changes document for PCI DSS 3.1, you may notice that there were a few items mentioned there that are not mentioned in this text. For the sake of brevity, any requirements that had minor clarifications of intent were not included in the text (outside of the Third-Party issue because it needs reinforcing). The owner of the Standard is the PCI Security Standards Council, and all of the official documentation can be downloaded from their website at http://www.pcisecuritystandards.org/. For enforcement issues, check with your acquirer to work through the payment brands. For any interpretation issues, check with your QSA. The Council is not an enforcement arm, they don’t want to see your ROC, and they ...