Do you need to test for DoS attacks in a PCI Penetration test?

ANSWER: NO

With respect to PCI compliance, testing of vulnerabilities or mis-configurations that may lead to DoS attacks which target resource network/server) availability should not be taken into consideration by the penetration testing since these vulnerabilities would not lead to compromise of cardholder data.

 

Source: PCI SSC – Information Supplement: Requirement 11.3 Penetration Testing

Answer is found on page 4.