PCI DSS Version 4.0 Content Hub

2022-05-14T12:08:22+13:00

PCI DSS Version 4.0

It’s finally here! And at Confide we are very excited to be able to talk about PCI DSS – it’s one of our favourite topics. And we’ve been looking forward to talking about version 4 since we saw the first RFC (request for comment) in 2019. Nearly 3 years later we can finally start talking about what’s new, what’s not so new, and how this will impact your PCI DSS compliance.

Over the coming months, we will be publishing a large amount of content on the changes coming in version 4.0 and this is where you can find it all.

Since PCI DSS is not a one-size-fits-all approach, we’ve broken down our content into areas that you may find yourself interested in. Over time, more content will be added to each and we encourage you to visit, read, and reach out because regardless of where you’re at in your PCI DSS journey, we want to help you reach v4.0 compliance with as little difficulty as possible.

Key topic areas for Version 4.0 include:

PCI DSS Version 4 General Changes

PCI DSS v4.0 is a significant change. But sometimes the more things change, the more they stay the same. Topics in this area focus on how version 4.0 is different from version 3.2.1 (and how they are the same).

PCI DSS Version 4 Technical Controls

Version 4.0 has added a lot more guidance to the requirements, so articles in this section take a deep dive into new and existing requirements to help you understand ways to implement technical controls.

PCI DSS Version 4 Governance Controls

Governance isn’t a new topic for PCI, but in version 4 it becomes even more important. Roles and responsibilities and targeted risk assessments are just some of the areas that you might be interested in for version 4.0.

PCI DSS Version 4 and Service Providers

Service providers always have additional requirements that they are responsible for, whether or not they store cardholder data. But with version 4.0 there are some interesting topics that both merchants and service providers will be interested in learning more about.

PCI DSS Version 4 Reporting

The biggest question on everyone’s mind is how version 4 will change the reporting – whether it’s new requirements being added to SAQs or changes to approaches, we’ll be covering all of these in the coming months as the reporting documents are released.

Where to Find the Documents

The PCI SSC has created their own Version 4 Resource Hub, where they include links to the key documentation as it is released, and other relevant materials. We definitely recommend that you keep an eye on the new documentation since this is key to helping make sure you know what you should be preparing for!

As of the initial release (31 March 2022), the following documents are available:

  • PCI DSS v4.0
  • PCI DSS Report on Compliance Template for v4.0
  • Merchant Attestation of Compliance for v4.0
  • Service Provider Attestation of Compliance v4.0

On 28 April 2022, the SAQs were published. You can read our summary of how the SAQs have changed here, or you can find the SAQ documents at the PCI SSC website by searching for SAQ.

Are you Ready for Version 4.0?

Whether you’ve been eagerly awaiting version 4.0 like we have at Confide or you’re looking on with trepidation, we’re here to help you with your PCI DSS journey. Contact us for more information and to understand how we can help you achieve compliance with version 4.0.