Cybersecurity

Josef Kamara, CPA, CISSP, CISA · Updated May 2, 2026 · 1 minute read

Attestation of Compliance (AoC)

A summary certification document confirming an organization's PCI DSS compliance status. The AoC accompanies the Report on Compliance for QSA-assessed entities or the Self-Assessment Questionnaire for self-assessing entities.

From the library

The full analysis on Attestation of Compliance (AoC).

The article is where the term meets the practitioner. Read how this concept actually shows up in audit, in remediation, and in the boardroom.

Read the analysis →
The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.