The PCI 4.0 requirements were made publicly available in March 2022. They cover most of the same ground as prior versions’ requirements, with special attention paid to common areas of security like risk mitigation and access control. Compliance requires implementing all PCI 4.0 requirements.
PCI DSS
PCI SSLC firms help organizations achieve and maintain compliance by providing:
- Initial preparation, including scoping out implementation
- Strategic oversight and program advisory for overall governance
- Implementation or mapping assistance, including remediation
- Assessment and reporting on compliance for validation
- Ongoing maintenance and troubleshooting support
There are four critical factors that should guide your search for a PCI ASV:
- Understanding why you should seek guidance and work with an ASV
- Knowing where to look for an ASV—namely, the PCI ASV list
- Identifying what qualities make an ASV the right fit for you
- Considering other elements of compliance and governance
There are four pillars to successful and efficient preparation for PCI SSF compliance:
- Understanding the scope of the SSF, including both component frameworks
- Meeting the requirements of the Secure Software Standard
- Implementing the Secure Software Lifecycle framework
- Conducting an assessment for validation with a PCI-listed assessor
Finding the right Secure SLC Assessor comes down to looking for four critical factors:
- Assessors must be qualified by the PCI SSC to validate your compliance
- Assessors should provide comprehensive knowledge and preparatory assistance
- Assessors should present other frameworks and regulations required for compliance
- Assessors must be flexible and accommodate your current IT deployment
If your organization was subject to PA-DSS compliance in years past, you may need to achieve PCI Secure SLC certification as soon as possible. The most efficient path begins with scoping before in-depth implementation and assessment—all of which an advisor can optimize further.
If your organization is seeking PCI certification, you’ll need to conduct PCI compliance scans using a PCI ASV. Officially certified scanning vendors are required for one specific part of the DSS, but advisor organizations offering ASV tools can optimize all elements of implementation.
In 2019, the Payment Card Industry Security Standards Council (PCI SSC) began taking feedback for improving version 3 (v3.2) of the Payment Card Industry Data Security Standards (PCI DSS). With the new feedback, PCI SSC hopes to publish the final version 4 (v4.0) by 2021. Wondering how PCI DSS 4.0 will work? Get all your questions answered with our comprehensive guide.
The old Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 is still in effect. The new PCI 4.0 standards are not slated to be effective until the end of 2020, at the earliest. Again, the current PCI 4.0 draft isn’t final, and 3.2.1 remains the standard to follow for compliance today, possibly for a long time. After the new standards are published on the PCI Security Standards Council website, there will also be a transition period during which businesses are given time to switch over to the latest version of the PCI DSS.