This comprehensive eBook breaks down all the updates made to the new v4.0 standard.
Written by: Jordan Wiseman
Watch our webinar recording to hear from our team of security experts as they break down the key changes that organizations need to pay most attention to.
Authenticated scans are now required to satisfy internal vulnerability scanning. This eBook explores how this new change will impact PCI security programs.
Written by: Jeff Man
Three steps to avoiding the new "In Place with Remediation" status and using the seven P's to help -- prior proper planning prevents p*#s poor performance! A few months ago, we published a blog “There...
MFA under v4.0: No more admin bypass. And no more accessing the CDE without it. Start now and make sure you’ve got the time to set up MFA correctly, and securely. Your users will thank you, your QSA w...
One of the most significant changes introduced in PCI DSS v4.0 involves the documented approach for performing internal vulnerability scans. The internal vulnerability scanning requirement (now 11.3.1...
There are two notable changes that may require a fair bit of runway to fully meet the existing requirement to monitor your critical security control systems. On March 31st, 2022 PCI DSS v4.0 was relea...
What could possibly go wrong with calling out a non-compliant status, or “In Place with Remediation,” on your Attestation of Compliance? Do you have a storm brewing that you are not yet aware of? On March 31st...
Are you a SaaS? Do you offer various shared services to merchants and other service providers with access to resources or services being logically controlled or partitioned to keep resources contained...
Mistakes with PAN happen! Data leaks, memory dumps, or debug logs can accidentally contain sensitive information and can leak data into unexpected places in your environment. It is now a requirement t...
There are now two options for meeting the new requirement 6.4.2 for a web application firewall: WAF or RASP. Notice I didn’t say manual code review! On March 31st, 2022 PCI DSS v4.0 was released. Toda...
If you don’t have documented and employee-acknowledged roles and responsibilities for every role that is part of your PCI scope of assessment, you may need a long roadway to get this in place. On Marc...
Remember the good ole days when Requirement 7 was all about general and privileged user accounts? Well, those days are done as of March 31, 2025! On March 31st, 2022 PCI DSS v4.0 was released. Today’...
Have you ever been off-roading? Full-on four-wheel-drive, low gear, creeping over rocks, or blasting through snowbanks? It’s quite an exhilarating experience. I liken the updates made to the Customize...
The recent release of PCI DSS v4.0 may give the mistaken impression that there is a lot of time for organizations to prepare for any required changes to people, processes, and technologies. While this...
I’ve recently spent some time reviewing the PCI DSS v4.0’s updates on the Customized Approach and want to go on record as stating that I believe this is one of the most significant changes in the new ...
The number of assessment testing procedures for anti-malware doubled – it went from 18 to 36, including a major new requirement! Many of my clients, both merchants and service providers, are asking ab...
PCI DSS v4.0 introduces new expectations about what is required when it comes to assessing risk. In contrast to the previous version of the Standard, risk awareness is a core concept that permeates m...
Source: https://www.pcisecuritystandards.org/
PCI Standards Council | https://www.pcisecuritystandards.org/
PCI Standards Council FAQs | https://www.pcisecuritystandards.org/faqs
PCI Standards Council Newsroom | https://www.pcisecuritystandards.org/about_us/newsroom_overview
American National Standards Institute | www.ansi.org
Center for Internet Security | www.cisecurity.org
Cloud Security Alliance | www.csa.org
European Union Agency for Cybersecurity | www.unisa.europa.eu
The FIDO Alliance | www.fidoalliance.org
International Organization for Standardization | www.iso.org
The UK National Cyber Security Centre | www.ncsc.gov.uk
National Institute of Standards and Technology | www.nist.gov
Open Web Application Security Project | www.owasp.org
Software Assurance Forum for Excellence in Code | www.safecode.org