March 30, 2025

FAQ: Updates from PCI DSS v4.0 to PCI DSS v4.0.1

PCI DSS v4.0: securing payment card information

What is PCI DSS v4.0.1, and why was it introduced?

PCI DSS v4.0.1 is a minor revision to PCI DSS v4.0 that clarifies requirements, corrects errors, and improves the usability of the standard. These updates are intended to ensure a smoother transition for organisations working towards compliance and maintaining security best practices.
The changes were made in response to feedback from industry stakeholders, including merchants, service providers, and assessors, to enhance clarity and consistency in implementing PCI DSS v4.0.

What are the key changes?

PCI DSS v4.0.1 does not introduce new security requirements but includes:

  • Clarifications to existing requirements to improve understanding and implementation.
  • Corrections of errors such as typos, inconsistencies, and ambiguous wording.
  • Guidance updates to align with evolving cybersecurity threats and best practices.
  • Minor formatting and numbering adjustments for better readability.

The updates do not alter the core security principles or compliance deadlines from PCI DSS v4.0.

When do organisations need to comply with PCI DSS v4.0.1?

Organisations that are currently working towards achieving or maintaining PCI DSS v4.0 compliance should transition to PCI DSS v4.0.1 immediately, as the latest version is now in effect. Since this update does not introduce new requirements, the original compliance deadlines remain the same:

  • PCI DSS v3.2.1 was retired on March 31, 2024
  • PCI DSS v4.0 is currently in effect
  • New v4.0 requirements become mandatory on March 31, 2025

What do organisations need to do to remain compliant?

Organisations should:

  • Review the updated PCI DSS v4.0.1 documentation to understand the clarifications and corrections.
  • Ensure their security policies, processes, and documentation align with the revised guidance.
  • Communicate with Qualified Security Assessors (QSAs) or internal compliance teams to confirm any necessary adjustments.
  • Continue preparations for the mandatory v4.0 requirements by March 31, 2025.

Where can organisations find the updated PCI DSS v4.0.1 standard?

The official PCI DSS v4.0.1 document is available on the PCI Security Standards Council website.

Contact us and talk directly to one of our instructors about the role training plays in PCI DSS compliance and the training course or courses that best suit your needs.
Additionally, learn more about how Security Awareness Training supports an organisation-wide culture of security, and how the Secure Coding for PCI DSS course helps developers apply the secure coding and application security standards needed for applications that process card payments and/or cardholder data.