Do you outsource your eCommerce environment for PCI and validate requirements based on an SAQ A? If so, there are several new requirements coming with PCI DSS 4.0 that you need to be aware of. Here’s a summary of the new requirements found in an SAQ and some guidance for what you can do now to prepare.

 


Do you have questions or need additional guidance? Reach out to the HALOCK QSA team for Subject Matter Expertise and 4.0 preparation work. The 4.0 transition training for QSAs will be released in the middle of July, and HALOCK is already allocating time to complete that training ASAP to ensure our guidance for 4.0 is aligned with the SSC’s intent.

For an update on this topic, visit: Clarification on eCommerce Outsourcing PCI DSS requirements 6.4.3 and 11.6.1

AUTHOR: Viviana Wesley, PCI QSA, ISO 27001 Auditor

PCI WEBINAR SERIES

Preparing for Your Transition to PCI DSS v4.0 Webinar
PCI DSS v3.2.1 expires on March 31, 2024. With 64 new requirements in PCI DSS v4.0, companies have a lot to consider in preparation for the coming deadline. In our 5-part PCI Webinar Series, learn about the general changes to 4.0, new requirements, best practices, and how an increased focus on risk evaluations in this new version will be a driving force for security and compliance.

Join Viviana Wesley, CISM, PCI QSA, ISO 27001 Auditor and HALOCK Principal Consultant to review key updates and next steps to support your transition to PCI DSS v4.0.

 

PCI DSS Requirements

PCI DSS Requirement 5.4.1: Anti-spoofing controls such as Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) can help stop phishers from spoofing the entity’s domain and impersonating personnel.

Clarification on eCommerce Outsourcing PCI DSS requirements 6.4.3 and 11.6.1

Unpacking the New PCI DSS Password Standards

Is Your Organization Prepared for PCI DSS Automation – Requirement 10.4.1.1?

What is the PCI DSS v4 Authenticated Scanning Mandate – Requirement 11.3.1.2?

What is the PCI DSS v4.0.1 Requirement for PoLP – Requirement 7.2.5?

PCI SSC Updates SAQ A: Removal of Key eCommerce Security and New Eligibility Criteria – Requirements 6.4.3, 11.6.1, 12.3.1

The New PCI DSS v4.0.1 Software Catalog Mandate – Requirement 6.3.2

How PCI DSS 4.0.1 Tackles Service Account Vulnerabilities – Requirements 8.6.1, 7.2.5.1, 8.6.2, 8.6.3, 10.2.1.2

Are You Keeping an Inventory of Cipher Suites and Certificates for the New PCI DSS – Requirements 12.3.3, 4.2.1.1?

How to Analyze An Attestation of Compliance (AOC)

 
