PCI DSS Version 4.0: What are the key changes in v4.0?
The changes in v4.0 are designed to meet a set of guiding principles, in the same way that the control requirements themselves are built on a set of principles. They are:
- Promoting security as a continuous process
- Enhancing validation methods and procedures
- Continuing to meet the security needs of the payment industry
From a more granular perspective, in v4.0 some of the changes will include:
- Authentication – The requirement for Multi-Factor Authentication will be expanded, and password requirements will be updated.
- Education and awareness – The introduction of requirements for e-commerce and phishing training.
- Governance – Rather than a single overall expectation of roles and responsibilities, these will be expanded so that they are clearly defined for each requirement within the PCI DSS.
- Account management – The allowance of group, shared and generic accounts.
- Risk management – The use of targeted risk analysis to empower an organisation to establish frequencies for certain activities.
This is not a comprehensive list, just an overview of some of the significant changes. As a Qualified Security Assessor (QSA) company, Xcina Consulting can assist your organisation with preparing for the changes in the standard.