With 31 March 2024 rapidly approaching, Lauren Holloway, Director, Data Security Standards, shares some key questions, answers, and resources to help entities successfully transition to PCI DSS v4.0.
Where to Begin
Whether you have already started the transition or are not sure where to begin, here are Eight Steps for the Journey to PCI DSS v4.0.
New Requirements
There are more than 50 new requirements in PCI DSS v4.0 – do you know which ones apply to you and what you need to do to meet them?
- For the complete list of new requirements, including those that are effective immediately and those that are effective on 31 March 2025, review the Summary of Changes.
- To understand how to meet the new requirements, you can find detailed guidance, best practices, and implementation examples in the requirements’ Guidance Column in the Standard.
SAQ Changes
Every SAQ has been updated for PCI DSS v4.0 and most SAQs have more requirements. Do you know what these updates mean for you?
- For detailed guidance on what is new in the SAQs, read the SAQ Instructions and Guidelines.
- To understand how to meet the new requirements, you can find detailed guidance, best practices, and implementation examples in the requirements’ Guidance Column in the Standard.
Will my PCI DSS v3.2.1 assessment expire on 31 March 2024?
- No. The period for which a PCI DSS v3.2.1 assessment result is valid does not change when v3.2.1 is retired. However, there may be other considerations. Find out more about transitioning from an expired standard here.
- Depending on when an organization transitions to a newer version of PCI DSS, it might find that some of its service providers are still validated to the previous version. During this time, the organization should confirm some details with its service providers. More information can be found in this FAQ.
Looking for More?
There are many more FAQs (Frequently Asked Questions) to help you with PCI DSS v4.0 – search our FAQ Page for answers to your questions.