PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is archived content from PCI Security Standards Council bulletins, preserved for tracking changes over time.
View Original →

PCI Security Standards Council Bulletin: PCI DSS v4.0 Reporting Updates

PDF

PCI Security Standards Council Bulletin:
PCI DSS v4.0 Reporting Updates
14 December 2022
In response to stakeholder feedback, PCI SSC has updated the PCI DSS v4.0 validation documents to
remove the “In Place with Remediation” reporting option.
This change applies to the PCI DSS v4.0 Report on Compliance (ROC) templates, Attestations of
Compliance (AOCs), and Self-Assessment Questionnaires (SAQs). There are no changes to the Standard.
To support organizations as they strive for security as a continuous process, the Council is creating a
separate worksheet for assessors to document information about areas needing improvement. This new
worksheet, along with additional guidance, such as FAQs and other supporting material to help
organizations understand and use this worksheet, will be available in early 2023.
For any questions about how this update impacts in-progress or completed PCI DSS v4.0 assessments,
please contact your compliance-accepting entity. See FAQ 1142 “How do I contact the Payment Card
Brands” for payment brand contact details.
In addition to removing “In Place with Remediation,” the document updates include some clarifications
and formatting corrections. The updated validation documents are available now and can be found in
the Document Library.
For additional information on this change, please read the following blog post: Changes to PCI DSS v4.0
Reporting: In Place with Remediation
###