PCI DSS v4.0: INFI Worksheet Discontinued

21. March 2024

The Payment Card Industry Security Standards Council (PCI SSC) announced it is discontinuing the Items Noted for Improvement (INFI) Worksheet.

INFI, a template for documenting items for improvement, had been introduced with PCI DSS v4.0. Effective immediately, QSAs are no longer required to complete an INFI Worksheet for PCI DSS assessments.  

In its PCI Perspectives blog, PCI SSC reports that the decision to remove INFI from assessor practices was made following detailed discussions with community stakeholders: While large parts of the community considered the general idea behind INFI to be helpful, it felt that the challenges introduced with it outweighed its benefits. PCI SSC advises QSAs to continue following assessment best practices to determine whether a requirement should be considered in place.

For more information, please refer to the PCI SSC PCI Perspectives blog.

Also interesting:

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories