{"id":15403,"date":"2022-04-14T12:31:08","date_gmt":"2022-04-14T11:31:08","guid":{"rendered":"https:\/\/www.dionach.com\/?post_type=project&p=15403"},"modified":"2024-02-06T13:04:29","modified_gmt":"2024-02-06T13:04:29","slug":"pci-dss-v4-0-everything-you-need-to-know","status":"publish","type":"project","link":"https:\/\/dionach.com\/nl\/project\/pci-dss-v4-0-everything-you-need-to-know\/","title":{"rendered":"PCI DSS v4.0 – Everything You Need To Know"},"content":{"rendered":"\n

Author:<\/strong> Tony McCutcheon – GRC Consultant
On the 31st of March 2022, global payment security forum, the PCI Security Standards Council, released PCI DSS v4.0. Following on from PCI DSS v3.2.1 which was released on 1st January 2019, v4.0 addresses emerging threats and technologies more efficiently and provides innovative ways to combat new threats.
Below, we will go through the main points you need to know for the implementation of PCI DSS v4.0.<\/p>\n\n\n\n

Implementing PCI DSS 4.0<\/strong><\/h2>\n\n\n\n

Both versions of PCI DSS are valid simultaneously until 31st March 2024, giving organisations time to implement the necessary changes. After this time, v3.2.1 will be retired and replaced by PCI DSS v4.0 . Until this date, companies can review the changes and implement the required actions to enable a smooth transition to v4.0.
There are 64 new requirements in PCI DSS v4.0, 13 of which will immediately take effect. The remaining 51 requirements are considered best practice until March 31st 2025, at which time they will become effective for all entities seeking PCI compliance. While the 51 requirements will not become a part of assessments until March 2025, we advise that organisations begin preparing<\/a> for and implementing the required changes well before this date.
The below timeline of implementation is helpful in demonstrating this process.
\"PCI<\/p>\n\n\n\n

Where have the changes indicated in PCI DSS v4.0 stemmed from?<\/strong><\/h2>\n\n\n\n

Planning for PCI DSS v4.0 started in 2017 and involved over 200 companies providing feedback with over 6000 comments.
This comprehensive feedback resulted in identification of the following 4 main goals of the v4.0 release:<\/p>\n\n\n\n

    \n
  1. Ensure the standard continues to meet the security needs of the payments industry<\/li>\n\n\n\n
  2. Promote security as a continuous process<\/li>\n\n\n\n
  3. Increase flexibility to allow entities to use different methods to achieve security objectives<\/li>\n\n\n\n
  4. Enhance validation methods and procedures<\/li>\n<\/ol>\n\n\n\n

    What are the new requirements? <\/strong><\/h2>\n\n\n\n

    To assist in achieving these goals, PCI DSS v4.0 includes new or enhanced requirements relating to areas including:<\/p>\n\n\n\n