“PCI SSC is now targeting a Q1 2022 publication date for PCI DSS v4.0. This timeline supports the inclusion of an additional request for comments (RFC) for the community to provide feedback on the PCI DSS v4.0 draft validation documents.”

 

A stakeholder preview is scheduled for Participating Organizations, Qualified Security Assessors (QSAs), and Approved Scanning Vendors (ASVs) for January 2022, with formal release scheduled for March 2022.

 

The PCI SSC blog outlines more details, including the transition period for organizations to update from PCI DSS v3.2.1 to PCI DSS v4.0. PCI DSS v3.2.1 will remain active for 18 months once all PCI DSS v4.0 materials are released.

 

In addition to the transition period when v3.2.1 and v4.0 will both be active, there will be an extra period of time defined for phasing in new requirements that are identified as “future-dated” in v4.0.

 

For more details on this development, visit the PCI Perspectives blog.

SOURCE & IMAGE: PCI Perspectives Blog

 

PCI DSS Requirements

  • PCI DSS Requirement 5.4.1: Anti-spoofing controls such as Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) can help stop phishers from spoofing the entity’s domain and impersonating personnel.

 
