PCI Security Standard V4.0.1 Revision

Published on: Jun 14, 2024

On Jun. 11, PCI revised DSS to v4.0.1 following stakeholder feedback.

  • PCI issued a limited revision of the standard, PCI DSS v4.0.1, to address stakeholder feedback and questions received since PCI DSS v4.0 was published in Mar. 2022.
  • Follows PCI's Dec. 2023 request for comments on a limited revision of DSS 4.0; see #198761.
  • Summary
  • The revision includes formatting and typographical corrections and clarifies the focus and intent of some requirements and guidance; there are no additional or deleted requirements.
  • Main amendments are to requirements 3, 6, 8 and 12, with minor changes to the appendices.
  • The PCI DSS v4.0.1 report on compliance (ROC) template, attestations of compliance (AOCs) and self-assessment questionnaires (SAQs) are due to be published in Q3 2024.
  • These are to be followed shortly by updated supporting documents, e.g. the prioritized approach tool.
  • Effectiveness
  • PCI DSS v4.0 will be retired on Dec. 31, 2024; the limited revision to PCI DSS v4.0.1 does not affect the effective date of the new requirements, which is still Mar. 31, 2025.
  • In Aug. 2024, PCI blogged on adopting the requirements of PCI DSS v4.x; see #223426.
Regulators
PCI
Entity Types
Bank; Corp; MSB
Reference
Bl, RFC, 6/11/2024
Functions
Compliance; Legal; Operations; Privacy; Risk; Technology
Countries
Global Regulator
Category
State
N/A
Products
Banking; Cards; Payments
Rule Type
Final
Regions
Global
Rule Date
Jun 11, 2024
Effective Date
Mar 31, 2025
Rule ID
215579
Linked to
Reg. Last Update
Jun 11, 2024
Report Section
International