ProfessionalVendor-neutralPCI Security Standards Council· issued from US

PCI QSA

PCI Qualified Security Assessor

Official page at PCI Security Standards Council ↔ Compare with another cert

Exam fee

Ongoing

—

Study time

80–160 hrs

Delivery

—

Validity

—

› Quality score

30.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor

How well-defined and rigorous the exam blueprint is.

PCI SSC publishes the QSA program guide with explicit assessor competencies.

8.5/10

Practical evidence

Hands-on labs / written reports vs pure MCQ.

Includes shadow assessments and ROC review by PCI SSC; substantial applied component.

5.0/10

Currency & upkeep

How aggressively content is kept current with the field.

Refreshed with each PCI DSS major version; v4 in active use 2024+.

9.0/10

Market recognition

How often this signal actually moves a hiring decision.

Required to perform Level-1 PCI assessments; strong portability among assessors.

8.0/10

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

OG-WRL-016OG-WRL-012

Recognition

Global

Exam languages

› Core domains covered

The 2 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A1Governance, Risk & Compliance

Risk frameworks (NIST RMF, ISO 31000, FAIR), policy development, audit, regulatory compliance, third-party risk.

A12Data Security, Privacy & Protection

Data classification, encryption-at-rest/in-transit, DLP, tokenization, privacy-by-design, plus the regulatory stack (GDPR, CCPA, HIPAA) that sets the bar.

› Prerequisites

Experience

Recommended: 3-5 years of relevant security experience. No formal prerequisite from the issuer.

› Careers that commonly pursue this cert

Vulnerability Management Lead

Owns the end-to-end find → prioritize → fix → verify loop at scale, now increasingly AI-driven.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain map Browse all certifications