The Payment Card Industry Security Standards Council (PCI SSC) announced it is discontinuing the Items Noted for Improvement (INFI) Worksheet.
INFI, a template for documenting items for improvement, had been introduced with PCI DSS v4.0. Effective immediately, QSAs are no longer required to complete an INFI Worksheet for PCI DSS assessments.
In its PCI Perspectives blog, PCI SSC reports that the decision to remove INFI from assessor practices was made following detailed discussions with community stakeholders: While large parts of the community considered the general idea behind INFI to be helpful, it felt that the challenges introduced with it outweighed its benefits. PCI SSC advises QSAs to continue following assessment best practices to determine whether a requirement should be considered in place.
For more information, please refer to the PCI SSC PCI Perspectives blog.
