PCI DSS v4.0 Goal 4: Enhance validation methods and procedures


At a glance

The main takeaway: PCI SSC has issued a 360-page supplemental Requirements and Testing Procedures document. This document provides QSAs extensive clarification and guidance to enhance validation methods and procedures for PCI DSS compliance reporting.

Impact on your business: The PCI 4.0 Requirements and Testing Procedure document provides detailed guidance and explanations of…


The 4 Goals of PCI DSS v4.0


At a glance

The main takeaway: The PCI Security Standards Council released PCI DSS version 4.0 on March 31, 2022 to replace version 3.2.1. Businesses subject to PCI compliance must understand the significant changes in PCI 4.0 as they plan their transition from PCI DSS v3.2.1 to v4.0. This video is the first in a…


PCI DSS v4.0 Goal 2: Promoting security as a continuous process


At a glance

The main takeaway: Historically, PCI has been viewed as a point-in-time compliance standard, and this explains why many entities have not established capabilities to treat PCI security as a continuous 24×365 process. PCI 4.0 establishes new requirements across the data security standard for security to be managed as a continuous process.

Impact…


PCI DSS v4.0 Goal 3: Increasing flexibility of methods to achieve security objectives


At a glance

The main takeaway: PCI 4.0 provides two validation options for compliance with the DSS. The first is the Defined Approach, which is similar to PCI’s historic approach. The second validation option, or Customized Approach, requires entities to conduct targeted risk analysis, define and then deploy controls against each PCI requirement.

Impact on…
