- AUTHOR: The folks at Scrut
New framework added: PCI-DSS Version 4.0.1
What's new?
Scrut now supports PCI-DSS Version 4.0.1 as part of our expanding library of 60+ compliance frameworks. Released on June 11, 2024, PCI DSS Version 4.0.1 is a limited revision to the Payment Card Industry Data Security Standard (PCI DSS).
This update builds upon the significant overhaul introduced in Version 4.0 (March 2022) by providing essential corrections, clarifications, and refinements. It aims to improve the usability, consistency, and effectiveness of the standard for organizations that process, store, transmit, or impact the security of cardholder data and/or sensitive authentication data.
Why it matters
PCI DSS v4.0.1 is crucial for ensuring accurate and consistent interpretation and implementation of the standard. It addresses feedback from the community and corrects ambiguities present in the initial 4.0 release. Key areas of refinement include:
- Clarifications to Requirements: Enhanced explanations and updated wording for several requirements and guidance points to facilitate a better understanding of the standard's intent. For example, the definition of "necessary" in the context of payment page scripts (Requirement 6.4.3) now requires a business or technical justification.
- Payment Page Integrity: Clarifications around the applicability of Requirement 6.4.3 (managing payment page scripts) and Requirement 11.6.1 (tamper-detection mechanisms), particularly for entities hosting payment processor pages in iframes. Version 4.0.1 now clarifies that unauthorized code cannot be executed on the payment page.
- Typographical and Formatting Corrections: Numerous minor errors, typos, and inconsistencies have been corrected throughout the document to enhance readability and comprehension.
How it works
Scrut now supports PCI DSS Version 4.0.1 in the Frameworks module, empowering customers to:
- Seamlessly align with the refined requirements and clarified guidance of PCI DSS 4.0.1, ensuring accurate interpretation and implementation.
- Leverage our pre-mapped controls and automated workflows to efficiently update your compliance efforts from PCI DSS 4.0 to 4.0.1, minimizing disruption.
- Rely on Scrut's updated wording and clarifications to help your team avoid misinterpretations and streamline your compliance processes.
- Assign control owners, track implementation status, and generate detailed reports to maintain continuous compliance and prepare for assessments.
By incorporating PCI DSS 4.0.1, we enable our customers to stay ahead of evolving payment security standards, ensuring robust protection of cardholder data with reduced complexity and manual overhead.
Need help?
Your Customer Success Manager (CSM) is always ready to help if you need assistance.