PCI DSS v4.0 Release Postponed until March 2022

25. June 2021

Affected businesses and QSA organizations are eagerly awaiting the release of the final version 4.0 of the PCI Data Security Standard (PCI DSS). The PCI Security Standards Council (PCI SSC) has now announced that the release will not take place in Q4 2021 as previously planned. The PCI Council cites March 2022 as the new release date.

According to the Council, the reason for the postponement is the decision to grant an additional RFC (Request for Comments) phase for the PCI DSS v4.0 validation documents. These documents include, for example, the SAQs (Self-Assessment Questionnaires), ROC templates (Report on Compliance) and the PCI DSS Glossary.

Since the revised version is expected to include a number of significant changes and innovations to the standard, the PCI Council is simultaneously announcing that Participating Organizations, QSA organizations, and ASVs will receive a preview version of the standard as early as January 2022, before it is released to the public. These stakeholders will therefore have the opportunity and some extra time to familiarize themselves with the new standard before it is released in March 2022.

Despite the postponed publication, a sufficient transition period of 18 months is still provided for affected companies to review the changes and adjust processes and systems accordingly. This phase will begin once all PCI DSS v4.0 documents have been published.


Our experienced PCI auditors Jan Kemper and Vinzent Broer also provided a closer look at the developments in a webinar on 24.08.2021. Here you can find the recording with their views.

Do you have any questions or need assistance with your PCI compliance project? Contact us, we’ll be happy to help.
