The Council has a blog post about the upcoming revision to the data security standard, version 4.
While talking about version 4, the council has specifically identified the following industry feedback related to the DSS:
- Authentication, specifically consideration for the NIST MFA/password guidance
- Broader applicability for encrypting cardholder data on trusted networks
- Monitoring requirements to consider technology advancement
- Greater frequency of testing of critical controls; for example, incorporating some requirements from the Designated Entities Supplemental Validation (PCI DSS Appendix A3) into regular PCI SS requirements.
All of which are aligned with the stated key high-level goals for PCI DSS v4.0:
- Ensure the standard continues to meet the security needs of the payments industry
- Add flexibility and support of additional methodologies to achieve security
- Promote security as a continuous process
- Enhance validation methods and procedures.
PCI DSS v4.0 is not anticipated for release prior to late 2020.
Ad below this line:
