• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer
  • Home
  • Resources
    • Calculators
      • ISO Certification Cost Calculator
      • Cost of Quality Calculator
    • Lowest Cost ISO Services Quote Program
    • Online Gap Checklists
      • ISO 9001 Gap Checklist
        • ISO 9001 Gap Checklist Overview
        • ISO 9001 Gap Checklist Sample
        • ISO 9001 Gap Checklist Dashboard
      • ISO 45001 Gap Checklist
        • 45001 Checklist Gap Checklist Overview
        • ISO 45001 Gap Checklist Sample
        • ISO 45001 Gap Checklist Dashboard
      • ISO 27001 Gap Checklist
        • ISO/IEC 27001 Gap Checklist Overview
        • ISO 27001 Gap Checklist Sample
        • ISO 27001 Gap Checklist Dashboard
    • White Papers
      • AI and Quality Management: Many Questions, Few Answers
      • A Guide to Quality Risk Management
      • ISO 9001 Updates FAQ
      • Integrating ISO 27001 and ISO 9001
    • Job Salary Reports
      • Quality Professionals Salary Report
    • Free Quality Ebook
    • Glossary
  • Articles
    • Environment
    • Cybersecurity
      • Artificial Intelligence
      • Automation
      • Career
      • Certification Management
      • Continuous Improvement
      • Documentation
      • ISO 27001
      • Information Security Mgt. Systems (ISMS)
      • Management
      • Regulatory
      • Risk Management
      • Software
      • Supplier Quality
      • Sustainability
    • Management Systems
    • Manufacturing
    • Quality
      • Artificial Intelligence
      • Automation
      • Career
      • Certification Management
      • Continuous Improvement
      • Cost of Quality
      • Documentation
      • ISO 9001
      • LEAN-6 Sigma
      • Product Safety
      • Quality Management
      • Regulatory
      • Risk Management
      • Root Cause
      • Skills
      • Software
      • Supplier Quality
      • Sustainability
    • Safety
      • Product Safety Certification
      • Risk Management
  • What We Do
    • About Conformance 1
    • Group Purchasing
    • Negotiated Discounts
    • Why Buy Through Us?
  • Products/Services
    • Name Your Fee Training
    • Registrar Directory
    • Software Directory
    • Consultant Directory
  • Online Gap Checklists
    • ISO 9001 Dashboard
    • ISO 45001 Dashboard
    • ISO 27001 Dashboard
  • Contact
    • General Inquiries
    • Ask an ISO Expert
  • Login
    • Login
    • Log Out
Conformance1

Conformance1

Tools for conforming to standards, goals and processes

Just Published: PCI DSS v4.0.1

Leave a Comment Filed Under: Cybersecurity-Regulatory

PCI DSS is Not a Bad Word | DPO Group
  • PCI DSS v4.0.1 introduces clarifications and corrections without adding or removing any requirements, addressing stakeholder feedback since the release of PCI DSS v4.0.
  • Notable updates include revisions to Requirements 3, 6, 8, and 12, focusing on encryption, vulnerability management, multi-factor authentication, and third-party service provider relationships.
  • PCI DSS v4.0 will remain active until December 31, 2024, after which v4.0.1 will be the only supported version. The March 2025 compliance deadline for new requirements will not change.

The PCI Security Standards Council (PCI SSC) has released PCI DSS v4.0.1 as a limited update to the original PCI DSS v4.0, published in March 2022. This revision addresses formatting, typographical errors, and clarifications based on feedback from stakeholders. Importantly, no new or deleted requirements were introduced, making this update a refinement of the previous version rather than a significant overhaul. The PCI SSC Board of Advisors, Global Executive Assessor Roundtable, and Principal Participating Organizations were involved in reviewing the proposed changes during a Request for Comments (RFC) period held from December 2023 to January 2024.

Key changes in PCI DSS v4.0.1 involve clarifications across several requirements. In Requirement 3, applicability notes for issuers, and those supporting issuing services were refined, along with a clearer objective for organizations using keyed cryptographic hashes. Requirement 6 saw a return to PCI DSS v3.2.1 language, stating that the 30-day patching requirement applies only to critical vulnerabilities, and additional notes were added to clarify the management of payment page scripts. Requirement 8 introduced an applicability note that exempts user accounts using phishing-resistant authentication from multi-factor authentication requirements for non-administrative access. Updates in Requirement 12 clarified relationships between customers and third-party service providers (TPSPs). Additionally, some definitions and clarifications were added in the appendices.

PCI DSS v4.0 will remain active until December 31, 2024, after which only v4.0.1 will be supported. The March 31, 2025, deadline for compliance with new requirements remains unchanged. Supporting documents such as the Report on Compliance (ROC) template, Attestations of Compliance (AOCs), and Self-Assessment Questionnaires (SAQs) for PCI DSS v4.0.1 are expected to be published by Q3 of 2024. Organizations should reference the Summary of Changes document for detailed information on the revisions.

Read the full article

Filed Under: Cybersecurity-Regulatory

Reader Interactions

Leave a Reply

You must be logged in to post a comment.

Primary Sidebar

Search

Email Newsletter

News delivered to your inbox

Name(Required)
Newsletter Preferences(Required)
This field is hidden when viewing the form
This field is for validation purposes and should be left unchanged.

Related Items

Help us improve our tool

Have a suggestion for improving our ISO Gap Analysis Checklist? Let us know.

Secondary Sidebar

Categories

Recent Posts

  • Information Security Measures for a Procrastination Combatting Digital Solution
  • Cybersecurity Governance Toolkit
  • Quick Start Guide to Security Compliance
  • Best Practices for Cybersecurity Compliance Monitoring
  • ISO 27001 certification: What happens in the certification audit?

Footer

Important Resources

Cost of Quality Calculator

ISO 9001 Online Gap Analysis

ISO Certification Cost Calculator

Free Quality Ebook

Process Improvement Survey

ISO 9001 Glossary

 

Recent Posts

  • Information Security Measures for a Procrastination Combatting Digital Solution
  • Cybersecurity Governance Toolkit
  • Quick Start Guide to Security Compliance
  • Best Practices for Cybersecurity Compliance Monitoring
  • ISO 27001 certification: What happens in the certification audit?

Search

Contact Us

About Us

Privacy Policy

 

Copyright © 2025 · Conformance1 · Log in