Update on PCI-DSS Version 4.0

Apr 07, 2021

Planning for PCI-DSS v4.0 rollout has been adjusted to support an additional round of consultation

As the PCI Security Standards Council writes in a recent blog post, industry feedback is important to the ongoing development of PCI standards. New requirements can have far-reaching implications for participants in the payment card ecosystem (debit and credit cards). Therefore, the PCI-DSS validation documents will also be open for comment by the affected organizations in a consultation round.

This additional validation pushes the completion date back a bit. The new plan is to publish version 4.0 in Q4/21. The exact date for the publication of the PCI DSS v4.0 documents has not yet been determined.

The PCI Security Council will launch a Request for Comment (RFC) on drafts of the Report of Compliance v4.0 (ROC), Self-Assessment Questionnaires (SAQs) and Attestation of Compliance (AOC). The RFC is scheduled for June 2021. Details on how to participate in the RFC will be announced in the coming months.

Of course, the planning still includes a transition period to support the migration from PCI DSS v3.2.1 to v4.0, and as usual, the rollout is designed to include a reasonable transition period for the affected organizations.

The Council will provide additional information on the PCI DSS v4.0 timeline changes during the year. Subscribe to the PCI Perspectives blog to stay up to date on the progress of PCI DSS v4.0.

Source: PCI SSC Blog