UPDATED AS OF JULY 2021
UPDATE: New Blog on PCI DSS 4.0
Get updates on the status on PCI DSS review of the 2019 RFC comments, when the final version of PCI DSS is planned to be completed, timing of the next RFC, and information about the RFC feedback they received. The new blog covers timing of supporting documents, transition between PCI DSSv3.2.1 and v4.0, an explanation of “future-dated requirements,” development and transition timelines for the project and more.
The PCI SSC just announced that the final version of PCI DSS v4.0 won’t be published until 2021 and won’t be required for 2 years after the publication date.
PCI DSS v3.2.1 will remain active for 2 years after PCI DSS v4.0 is released to allow organizations time to transition to the new version.
The next Request for Comment (RFC) for PCI DSS v4.0 is to be September/October 2020 which will include the second draft of PCI DSS v4.0.
Primary contacts of QSA companies, ASV companies and Participating Organizations will have the opportunity to review and provide feedback.
We will update our blogs and posts to communicate any developments on PCI DSS v4.0. You can find more news from PCI DSS blogs as well.
For PCI recommendations on payment processing with newly remote workers, PCI SSC suggests a review of key areas to protect payment card data. Read Article: Payment Processing in a Remote Working Environment
