PTS Hardware Security Module (HSM)

PIN Transaction Security (PTS) Hardware Security Module (HSM) Standard

The PIN Transaction Security (PTS) Hardware Security Module (HSM) Standard sets out security requirements for the characteristics and management of hardware security modules throughout their lifecycle, to ensure confidentiality and data integrity during activities such as financial transactions and payment card personalization.

The PTS HSM Standard provides guidance and direction for appropriately designing HSMs to meet the security needs of the financial payments industry, and for protecting those HSMs up to the point of initial deployment. Other security requirements apply at the point of deployment for the management of HSMs involved with the financial payments industry. Additionally, the standard supports validation of Remote Administration Platforms (RAP) for HSMs and of key loading devices (KLDs), and has been expanded to include Multi-tenant HSMs, which are HSMs intended for concurrent usage by multiple organizations at a cloud services provider.

Important Information

Intended Audience

Vendors that design and manufacture HSMs.

PTS HSM Documents

Find all of the related documents in the PCI SSC Document Library.

Listings & Professionals

The PCI SSC encourages entities to use the PCI SSC listing in selecting approved PTS HSM devices for their payment environments.

Independent PCI-Recognized Laboratories evaluate HSMs against PTS HSM security requirements. PCI SSC reviews evaluation reports, approves PTS HSM devices, and provides a listing of approved devices.

Resources

Training Information

The Payment Card Industry Professional (PCIP) is an individual, entry-level certification in payment security information that provides you with the understanding to help your organization build a secure payment environment. Becoming a PCIP demonstrates a level of understanding that can provide a strong foundation for a career in the payments security industry.

Compliance programs for all PCI SSC standards are managed by the payment brands. Questions about which entities need to validate compliance to any PCI SSC standard, or whether use of a PCI-listed product is required and for which entities, should be referred to the payment brands. Contact information for the payment brands is in FAQ #1142.