In October 2019, actual drafts of PCI DSS v4.0 will be distributed to stakeholders to review. All Participating Organizations, Qualified Security Assessors (QSAs), and Approved Scanning Vendors (ASVs) will be invited to participate.
Another round of feedback will occur in mid-2020.
The request for comment (RFC) process will also be a key discussion topic at the 2019 PCI Community Meetings in Vancouver, Dublin, and Melbourne.
The 12 core requirements will not fundamentally change in PCI DSS version 4.0. Updates will be made to improve security and provide more flexibility for meeting security objectives. The upcoming RFC will include the full draft of the standard, along with information about the proposed changes.
With this in mind, the planned updates for PCI DSS v4.0 include:
- Add and revise requirements to address evolving risks and threats to payment data and to reinforce security as a continuous process; and
- Redesign requirements and validation options to focus on security objectives and support organizations using different methodologies to meet the intent of PCI DSS requirements.
PCI DSS v4.0 will not be published until late 2020, at the earliest. Rest assured that once it is published, there will be a transition period.