PCI DSS v4.0: INFI Worksheet Discontinued

21. March 2024

The Payment Card Industry Security Standards Council (PCI SSC) announced it is discontinuing the Items Noted for Improvement (INFI) Worksheet.

INFI, a template for documenting items for improvement, had been introduced with PCI DSS v4.0. Effective immediately, QSAs are no longer required to complete an INFI Worksheet for PCI DSS assessments.  

In its PCI Perspectives blog, PCI SSC reports that the decision to remove INFI from assessor practices was made following detailed discussions with community stakeholders: While large parts of the community considered the general idea behind INFI to be helpful, it felt that the challenges introduced with it outweighed its benefits. PCI SSC advises QSAs to continue following assessment best practices to determine whether a requirement should be considered in place.

For more information, please refer to the PCI SSC PCI Perspectives blog.

Also interesting:

Top 3 Vulnerabilities in Cloud Pentests

Top 3 Vulnerabilities in Cloud Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

KRITIS Audits: BSI Specifies Maturity Levels for Verification Assessment

KRITIS Audits: BSI Specifies Maturity Levels for Verification Assessment

In January, the German Federal Office for Information Security (BSI) published the document „Reife- und Umsetzungsgradbewertung im Rahmen der Nachweisprüfung (RUN)“ (Maturity and implementation level assessment as part of the verification audit). This document defines...

Categories

Categories