Affected businesses and QSA organizations are eagerly awaiting the release of the final version 4.0 of the PCI Data Security Standard (PCI DSS). The PCI Security Standards Council (PCI SSC) has now announced that the release will not be in Q4 2021 as previously planned. The PCI Council cites March 2022 as the new release date.
According to the Council, the reason for the postponement is the decision to grant an additional RFC (Request for Comments) phase for the PCI DSS v4.0 validation documents. These documents include, for example, the SAQs (Self-Assessment Questionnaires), ROC templates (Report on Compliance) and the PCI DSS Glossary.
Since the revised version is expected to include a number of significant changes and innovations to the standard, the PCI Council is simultaneously announcing that Participating Organizations, QSA organizations, and ASVs will receive a preview version of the standard as early as January 2022, before it is released to the public. These stakeholders will therefore have the opportunity and some extra time to familiarize themselves with the new standard before it is released in March 2022.
Despite the postponed publication, a sufficient transition period of 18 months is still provided for affected companies to review the changes and adjust processes and systems accordingly. This phase will begin once all PCI DSS v4.0 documents have been published.
Our experienced PCI auditors Jan Kemper and Vinzent Broer also provided a closer look at the developments in a webinar on 24.08.2021. Here you can find the recording with their views.
Do you have any questions or need assistance with your PCI compliance project? Contact us, we’ll be happy to help.