PCI DSS 4.0 released, addresses emerging threats and technologies

2022-07-05 04:30

PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data.

To provide organizations time to understand the changes in the new version and implement any updates needed, the current version of PCI DSS, 3.2.1, will remain active for two years until it is retired on 31 March 2024.

Once assessors have completed training in PCI DSS 4.0, organizations may assess to either PCI DSS 4.0 or PCI DSS 3.2.1.

"The industry has had unprecedented visibility into, and impact on the development of PCI DSS 4.0," says Lance Johnson, Executive Director of PCI SSC. "Our stakeholders provided substantial, insightful, and diverse input that helped the Council effectively advance the development of this version of the PCI Data Security Standard."

Updated firewall terminology to network security controls to support a broader range of technologies used to meet the security objectives traditionally met by firewalls.

"PCI DSS 4.0 is more responsive to the dynamic nature of payments and the threat environment," says Emma Sutcliffe, SVP, Standards Officer of PCI SSC. "Version 4.0 continues to reinforce core security principles while providing more flexibility to better enable diverse technology implementations. These updates are supported by additional guidance to help organizations secure account data now and into the future."

News URL

https://www.helpnetsecurity.com/2022/07/05/pci-dss-4-0-released/

#PCI #pcidss #threat