"PCI DSS 4.0 Released, Addresses Emerging Threats and Technologies"

The PCI Security Standards Council (PCI SSC) has released version 4.0 of the PCI Data Security Standard (PCI DSS). PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data. The current version of PCI DSS, 3.2.1, will remain active for two years until it is retired on March 31, 2024, to give organizations time to understand the changes in the new version and implement any necessary updates. Organizations may assess to either PCI DSS 4.0 or PCI DSS 3.2.1 once assessors have completed PCI DSS 4.0 training. The standard also gives organizations more time to implement many of the new requirements. The standard was modified in response to feedback from the global payments industry. Over the course of three years, more than 200 organizations provided more than 6,000 items of feedback to ensure that the standard remains relevant in the complex, ever-changing landscape of payment security. Examples of changes include updated firewall terminology for network security controls, the expansion of Requirement 8 to implement multi-factor authentication (MFA) for all access into the cardholder data environment, the addition of targeted risk analyses to allow entities the flexibility to define how frequently they perform certain activities, and more. This article continues to discuss PCI DSS 4.0 changes.

Help Net Security reports "PCI DSS 4.0 Released, Addresses Emerging Threats and Technologies"

 

Submitted by Anonymous on