PCI DSS v4.0 Release Postponed until March 2022
25. June 2021

Affected businesses and QSA organizations are eagerly awaiting the release of the final version 4.0 of the PCI Data Security Standard (PCI DSS). The PCI Security Standards Council (PCI SSC) has now announced that the release will not take place in Q4 2021 as previously planned. The PCI Council cites March 2022 as the new release date.

According to the Council, the reason for the postponement is the decision to grant an additional RFC (Request for Comments) phase for the PCI DSS v4.0 validation documents. These documents include, for example, the SAQs (Self-Assessment Questionnaires), ROC templates (Report on Compliance) and the PCI DSS Glossary.

Since the revised version is expected to include a number of significant changes and innovations to the standard, the PCI Council is simultaneously announcing that Participating Organizations, QSA organizations, and ASVs will receive a preview version of the standard as early as January 2022, before it is released to the public. These stakeholders will therefore have some extra time to familiarize themselves with the new standard before it is released in March 2022.

Despite the postponed publication, a sufficient transition period of 18 months is still provided for affected companies to review the changes and adjust processes and systems accordingly. This phase will begin once all PCI DSS v4.0 documents have been published.


Our experienced PCI auditors Jan Kemper and Vinzent Broer also provided a closer look at the developments in a webinar on 24.08.2021. Here you can find the recording with their views.

Do you have any questions or need assistance with your PCI compliance project? Contact us, we’ll be happy to help.
