THE ULTIMATE GUIDE TO PCI DSS v4.0

IT'S THE FINAL LAP

v3.2.1 of the PCI DSS has officially retired, and now we must prepare to meet v4.0's toughest requirements yet.
What does your organization need to do to meet the future-dated requirements for PCI v4.0? Do you have a realistic roadmap in place? Do you know what the impact will be on your business?
Our PCI v4.0 Resource Library is filled with experienced QSAs' "in the trenches" tips and tools to simplify your transition.
Scroll down to discover unique insights and practical solutions that will help you stay on track as you navigate the challenges you may face in achieving and maintaining PCI compliance.

PCI DSS v4.0 EXCLUSIVE RESOURCES

This comprehensive eBook breaks down all the updates made to the new v4.0 standard.
Written by: Jordan Wiseman


DOWNLOAD EBOOK

Leaders of our security team, Steve Levinson, VP of Risk, Security, and Privacy, and Sherri Collis, Director of PCI Services, join Total Compliance Tracking in a special two-part episode of Compliance Unfiltered. Listen in for insights on the key structural changes to PCI 4.0, a targeted risk analysis overview, and the new requirements for 4.0.

LISTEN ON SPOTIFY

Authenticated scans are now required to satisfy internal vulnerability scanning. This eBook explores how this new change will impact PCI security programs.
Written by: Jeff Man


READ EBOOK

A Service Provider engaged Online's PCI Advisors to address technical requirements. Our QSA team evaluated the network and application environment using BMC Discover. Online was able to help this client obtain its Attestation of Compliance, improving its security and compliance posture for future sustainability.

READ THIS STORY

ACME Corporation, a globally operated large equipment manufacturer, turned to Online’s QSA team to help them clarify the PCI DSS requirements and advise on scope reduction. Not only did ACME exceed their scope reduction goals, but they ended up with some very pleasant side effects.

READ MORE

VIDEO SERIES | TALKING PCI v4.0 WITH JEFF MAN

WHAT'S NEW IN PCI DSS v4.0?

Watch our webinar recording to hear from our team of security experts as they break down the key changes that organizations need to pay the most attention to.
View this quick reference infographic to see a high-level summary of all 12 requirements on one page.
PCI 4.0 INFOGRAPHIC


v4.0 REQUIREMENTS LIBRARY

Disk Level Encryption: The 3.2.1 Magic Bullet has been Left Behind

Paul Gregoire October 12, 2023

Prepare for a transformative shift in cardholder data security with PCI DSS v4.0. With native disk encryption no longer a shield, organizations worldwide must swiftly adapt, revisiting encryption stra...

Take a Pit Stop – 5 Point Inspection Questions to Consider NOW before the 4.0 Last Lap

2023 is flying by. Before you can say March 2024, v3.2.1 of the PCI DSS will be retired. Do you know what your organization needs to do to cross the v4.0 finish line, and how much time it will take? N...

#1 Preventative Measure to Stop Network Breaches

Daryl Jackson February 10, 2023

Despite the significant changes introduced with PCI DSS v4.0, there are many bedrock requirements that did not change. This article serves to highlight an often neglected, but extremely important face...

Three Steps to Avoiding an “In Place With Remediation” Status

Three steps to avoiding the new "In Place with Remediation" status and using the seven P's to help -- prior proper planning prevents p*#s poor performance! A few months ago, we published a blog “There...

DSS 4.0 Clarifies, Strengthens MFA Requirements

MFA under v4.0: No more admin bypass. And no more accessing the CDE without it. Start now and make sure you’ve got the time to set up MFA correctly, and securely. Your users will thank you, your QSA w...

Authenticated Vulnerability Scanning

Jeff Man April 29, 2022

One of the most significant changes introduced in PCI DSS v4.0 involves the documented approach for performing internal vulnerability scans. The internal vulnerability scanning requirement (now 11.3.1...

Monitor the Monitoring

Clark Dixon April 20, 2022

There are two notable changes that may require a fair bit of runway to fully meet the existing requirement to monitor your critical security control systems. On March 31st, 2022 PCI DSS v4.0 was relea...

There is Trouble Brewing: In Place with Remediation

What could possibly go wrong with calling out a non-compliant status, or “In Place with Remediation,” on your Attestation of Compliance? Do you have a storm brewing you are not yet aware of? On March 31st...

Understanding the Changes to Appendix A1: Multi-Tenant Service Providers

Adam Gaydosh April 20, 2022

Are you a SaaS? Do you offer various shared services to merchants and other service providers with access to resources or services being logically controlled or partitioned to keep resources contained...

Incident Response - Unexpected PAN Identified

Mark Hannah April 20, 2022

Mistakes with PAN happen! Data leaks, memory dumps, or debug logs can accidentally contain sensitive information and can leak data into unexpected places in your environment. It is now a requirement t...

Web Application Firewall - Automated Technical Solution

Maryann Douglass April 19, 2022

There are now two options to meeting the new requirement 6.4.2 for a web application firewall: WAF or RASP. Notice I didn’t say manual code review! On March 31st, 2022 PCI DSS v4.0 was released. Today...

Roles and Responsibilities | Who's Driving What?

If you don’t have documented and employee acknowledged roles and responsibilities for every role that is part of your PCI scope of assessment, you may need a long roadway to get this in place. On Marc...

PCI v4.0 - Requirement 7: All Things Accounts and Access Reviews

Remember the good ole days when Requirement 7 was all about general and privileged user accounts? Well, those days are done as of March 31, 2025! On March 31st, 2022 PCI DSS v4.0 was released. Today’s...

The Customized Approach | Part 1

Greg High April 18, 2022

Have you ever been off-roading? Full-on four-wheel-drive, low gear, creeping over rocks, or blasting through snowbanks? It’s quite an exhilarating experience. I liken the updates made to the Customize...

The Customized Approach | Part 2

Greg High April 18, 2022

The recent release of PCI DSS v4.0 may give the mistaken impression that there is a lot of time for organizations to prepare for any required changes to people, processes, and technologies. While this...

The Customized Approach | Part 3

Greg High April 18, 2022

I’ve recently spent some time reviewing the PCI DSS v4.0’s updates on the Customized Approach and want to go on record as stating that I believe this is one of the most significant changes in the new ...

4 Things You Must Know About PCI's New Anti-Malware Requirements

Gord Hooker April 18, 2022

The number of assessment testing procedures for anti-malware doubled – it went from 18 to 36, including a major new requirement! Many of my clients, both merchants and service providers, are asking ab...

Targeted Risk Assessments | Know Thy Risks

Eugene Tyrell April 18, 2022

PCI DSS v4.0 introduces new expectations about what is required when it comes to assessing risk. In contrast to the previous version of the Standard, risk awareness is a core concept that permeates mu...

PCI DSS v4.0 TRANSITION TIMELINE

Source: https://www.pcisecuritystandards.org/

NOT SURE WHERE TO START?

Our team of QSAs has spent hundreds of hours studying the new standard and is prepared to thoroughly review your current state to help you develop a right-sized plan to become PCI v4.0 compliant.

SIGN UP FOR A v4.0 GAP ASSESSMENT & REMEDIATION ROAD MAP

HELPFUL LINKS

PCI Standards Council https://www.pcisecuritystandards.org/
PCI Standards Council FAQs https://www.pcisecuritystandards.org/faqs
PCI Standards Council Newsroom https://www.pcisecuritystandards.org/about_us/newsroom_overview
American National Standards Institute www.ansi.org
Center for Internet Security www.cisecurity.org
Cloud Security Alliance www.csa.org
European Union Agency for Cybersecurity www.enisa.europa.eu
The FIDO Alliance www.fidoalliance.org
International Organization for Standardization www.iso.org
The UK National Cyber Security Centre www.ncsc.gov.uk
National Institute of Standards and Technology www.nist.gov
Open Web Application Security Project www.owasp.org
Software Assurance Forum for Excellence in Code www.safecode.org