An Attestation of Compliance must be submitted __________________.

Prepare for the PCI DSS Internal Security Assessor Test. Study with flashcards and detailed multiple choice questions, all featuring hints and explanations. Excel in your exam!

An Attestation of Compliance (AOC) is a critical document in the PCI DSS compliance process that verifies a merchant's adherence to the security standards set by the PCI Security Standards Council. This document must be submitted with all Reports on Compliance (ROCs) and Self-Assessment Questionnaires (SAQs) because it serves as a formal declaration of compliance status based on the evaluation contained in the accompanying documentation.

When a merchant or a service provider completes the compliance evaluation, they need to provide the AOC alongside the ROC, if applicable, or the relevant SAQ. This ensures a consistent process for all organizations regardless of their size or transaction volume and provides assurance to stakeholders that they have undergone the necessary evaluations to meet PCI compliance requirements.

Moreover, the requirement to submit the AOC with all types of compliance reports emphasizes the comprehensive nature of PCI DSS, as it applies uniformly across various merchant levels and types. It is important for organizations to understand that the AOC is not limited to Level 1 merchants or specific instances; it plays a significant role in validating compliance across the entire framework of PCI DSS, ensuring transparency and accountability within the payment ecosystem.
