PCI Security Standards Council Bulletin: SAQs for PCI DSS v4.0.1 Now Available

2024-10-15T15:04:01+00:00 PDF

PC
I Security Standards Council Bulletin: SAQs for PCI DSS v4.0.1 Now Available
15
October 2024
The PCI Security Standards Council has published the Self-Assessment Questionnaires (SAQs) for PCI
DSS v4.0.1. The SAQs are validation tools intended to assist SAQ-eligible merchants and service
providers in performing and reporting the results of their PCI DSS self-assessment.
U
pdates to SAQs for PCI DSS v4.0.1 reflect requirement changes in PCI DSS v4.0.1 and incorporate
feedback received from the industry, including:
• Aligning requirement content with PCI DSS v4.0.1
• Clarifying SAQ Eligibility Criteria in SAQs A, A-EP, and C-VT
• Adding a requirement to SAQ A and removing a requirement from SAQ C
• Updating SAQ Completion Guidance in SAQs A and A-EP.
See the Document Changes table at the beginning of each SAQ for specific details.
The SAQ Instructions and Guidelines document has also been published to align with updates made to
the SAQs for PCI DSS v4.0.1. This document contains information about all PCI DSS v4.0.1 SAQs,
including guidance on the intent of the SAQs, eligibility criteria for the SAQs, and how to complete an
SAQ.
PCI DSS v4.0.1 SAQs and the PCI DSS v4.0.1 SAQ Instructions and Guidelines document can be found
using the “SAQ” filter in the PCI SSC Document Library on the PCI SSC website.
M
erchants should confirm they meet all eligibility criteria for a particular SAQ before commencing their
self-assessment. All entities completing SAQs are encouraged to first contact the entity to which the SAQ
will be submitted to confirm they are eligible to complete a SAQ to validate PCI DSS compliance, and to
understand any specific requirements or instructions.
The SAQs for PCI DSS v4.0 will remain active until PCI DSS v4.0 is retired on 31 December 2024.
###