Transition to the new PCI DSS v4.0 is on everyone’s mind right now. The PCI Security Standards Council (PCI SSC) issued version 4.0 of the PCI Data Security Standard (PCI DSS) on March 31, 2022. The PCI DSS is a global standard that establishes a baseline of technical and operational standards for protecting account data. Those who are already using PCI DSS for compliance are all expected to do so in the PCI DSS v4.0 manner. It is here to replace the previous PCI DSS v3.2.1 and become the new standard for that domain.
The transition period allowed is from March 2022 to March 31, 2024, for a one year period. In other words, the existing PCI DSS v3.2.1 will be retired on March 31, 2024. We expect all existing training, resources and material to undergo transition and be updated to PCI DSS v4.0.
Multi-factor authentication (MFA) will be the new password requirement. It is no surprise to see it, since other industries and best practices are starting to implement it, and it does indeed make it harder to be targeted and less subject to weak authentication mechanisms.
Promote security as a continuous process, where ongoing security controls are required to demonstrate protection of payment data. This is indeed needed and good to enforce. In particular, a 24x7x365 online payment infrastructure and facility is subject to attack at any time from anywhere in the world.
Enhance validation methods and procedures to ensure better alignment between information reported in a Report on Compliance or Self-Assessment Questionnaire and information summarised in an Attestation of Compliance. It gives everyone involved in the compliance, from preparation to final report delivery and communication, clear validation and reporting options that support transparency and granularity.
If it is new to you or you are in the process of transition, feel free to attend the various seminars and workshops E-SPIN will be offering for enterprise customers. E-SPIN Group is in the business of enterprise ICT solution supply, consultancy, project management, training and maintenance for corporations and government agencies, and does business across the region and via the channel. Feel free to contact E-SPIN for your project requirements and inquiries.