From 28 June to 28 July, PCI SSC stakeholders can participate in a Request for Comments (RFC) on a draft of the PCI DSS v4.0 draft validation documents. As indicated in a recent post on the PCI DSS v4.0 timeline, this RFC was added as a unique opportunity for the industry to provide feedback on drafts of the v4.0 Report on Compliance (ROC) Template and the ROC Attestations of Compliance (AOC). This RFC also introduces a new approach to merchant self-assessments, called Merchant Assessment Forms (MAFs), intended to replace Self-Assessment Questionnaires.
Additional material, including the Read Me First Instructions, has been included with the RFC materials to help with review of the validation documents. We ask RFC participants to review the Read Me First before the RFC documents for key information about:
- Downloading the RFC materials,
- Suggestions for how to provide effective feedback,
- Extra material intended to facilitate review of the RFC documents,
- Overview and Things to Consider information for each RFC document,
- Answers to anticipated Frequently Asked Questions
Also on the blog: What to Know Before Participating in a PCI SSC RFC
PCI SSC will review and consider every piece of feedback. Upon completion of the feedback review and subsequent updates to the documents, a summary of feedback will be prepared for RFC participants that will include all RFC comments, each organization’s name, and how PCI SSC actioned each feedback. Please review the RFC Process Guide and our resource guide: What to Know Before Participating in a PCI SSC RFC for more information.