PCI DSS v4.0: INFI Worksheet Discontinued

21. March 2024

The Payment Card Industry Security Standards Council (PCI SSC) announced it is discontinuing the Items Noted for Improvement (INFI) Worksheet.

INFI, a template for documenting items for improvement, had been introduced with PCI DSS v4.0. Effective immediately, QSAs are no longer required to complete an INFI Worksheet for PCI DSS assessments.  

In its PCI Perspectives blog, PCI SSC reports that the decision to remove INFI from assessor practices was made following detailed discussions with community stakeholders: While large parts of the community considered the general idea behind INFI to be helpful, it felt that the challenges introduced with it outweighed its benefits. PCI SSC advises QSAs to continue following assessment best practices to determine whether a requirement should be considered in place.

For more information, please refer to the PCI SSC PCI Perspectives blog.

Also interesting:

Top 3 Vulnerabilities in Mobile App Pentests

Top 3 Vulnerabilities in Mobile App Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

Security Advisories for SONIX and SAP

Security Advisories for SONIX and SAP

The pentest professionals at usd HeroLab examined SONIX Technology Webcam and SAP Fiori Sample Shop during their pentests. Our professionals discovered that systems with a SONIX Technology Webcam using the SonixDeviceMFT.dll driver in their default configuration are...

Categories

Categories