Adobe will discontinue PCI DSS Service Provider Certification of Adobe Document Cloud PDF Services effective June 30, 2021. This notice does not impact PCI DSS Certification supported by other Adobe products and services.
Definitions
What is PCI-DSS?
The Payment Card Industry Digital Security Standard (PCI DSS) is a compliance standard that defines data security requirements relating to the processing, storage, or transmission of cardholder data. Learn more.
What constitutes cardholder data?
At a minimum, cardholder data consists of the full PAN. Cardholder data may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date and service code. Learn more.
Common questions
How do I know if I am impacted?
If you are using Document Cloud PDF Services to process or store documents that contain cardholder data, you will be affected. If you are not using Document Cloud PDF Services to process or store documents that contain cardholder data, you are not affected.
I use Adobe Acrobat Sign. Will this affect Acrobat Sign?
No, this only affects PDF Services and Document Cloud file storage, not Acrobat Sign. Adobe Acrobat Sign Solutions for Enterprise will still be PCI Certified.
I use a desktop only version of Adobe Acrobat, is that affected?
No, this only affects PDF Services and Document Cloud file storage.
Does this mean that Document Cloud is less secure?
No, Document Cloud and PDF Services are still secure, and your data is safe with us. We have examined customer use cases and workflows, and we are moving Document Cloud in a direction that is incompatible with processing and storing cardholder data. Learn more.
I have content that contains customer cardholder data stored in Document Cloud. What do I need to do?
If you are subject to PCI DSS compliance, remove any content that has cardholder data from Document Cloud before June 30, 2021. You may need to change any workflows or processes to prevent this information from being stored in Document Cloud in the future. You can independently consult a compliance officer for any other steps that you should take to maintain your PCI DSS compliance.
What will happen between now and June 30, 2021?
We are not making changes right now. But starting July 1, 2021, we will begin making changes to Document Cloud services that will not be compatible with PCI DSS.
I don’t use Document Cloud storage or PDF Services. Does this affect me?
No. This only affects Document Cloud storage and PDF services.
My organization handles cardholder data, but we do not store in Document Cloud. Does this affect me?
No, because you are already avoiding storing cardholder data in Document Cloud, this will not affect your compliance.