PCI DSS v4.0: INFI Worksheet Discontinued

21. March 2024

The Payment Card Industry Security Standards Council (PCI SSC) announced it is discontinuing the Items Noted for Improvement (INFI) Worksheet.

INFI, a template for documenting items for improvement, had been introduced with PCI DSS v4.0. Effective immediately, QSAs are no longer required to complete an INFI Worksheet for PCI DSS assessments.  

In its PCI Perspectives blog, PCI SSC reports that the decision to remove INFI from assessor practices was made following detailed discussions with community stakeholders: While large parts of the community considered the general idea behind INFI to be helpful, it felt that the challenges introduced with it outweighed its benefits. PCI SSC advises QSAs to continue following assessment best practices to determine whether a requirement should be considered in place.

For more information, please refer to the PCI SSC PCI Perspectives blog.

Also interesting:

SWIFT CSCFv2025 - The Three Most Important Questions About the Update

SWIFT CSCFv2025 - The Three Most Important Questions About the Update

Users of the SWIFT network are required to demonstrate compliance with the mandatory security controls through an annual independent audit in accordance with the Customer Security Control Framework (CSCF). As part of this SWIFT Assessment, the security of an...

From Unicode to Exploit: The Security Risks of Overlong UTF-8 Encodings

From Unicode to Exploit: The Security Risks of Overlong UTF-8 Encodings

In the dynamic field of cybersecurity, it is often the obscure and long-forgotten vulnerabilities that pose a hidden threat to otherwise hardened systems. One such vulnerability lies in invalid character encodings that violate the UTF-8 standard. While overlong UTF-8...

Categories

Categories