The PCI council has been working hard to update and deliver a new version of the PCI DSS standard. Currently, the target date for the PCI DSS v4.0 release is estimated to be March 2022. This revision will be requesting for industry professionals to review and provide feedback about the draft before the final version is released in March. The purpose of having industry feedback is to also allow QSA’s and AVS’s to familiarize themselves with the new requirements coming in v4.0 ahead of time.

The PCI council will be providing merchants with a transition period where 3.2.1 will remain active for 18months once v4.0 is fully released with all relevant materials. It is also expected that this update will contain multiple future-dated requirements. A future dated requirement provides organizations additional time to implement specific requirements which may be more complex in nature.

PCI stakeholders, QSA, and ASV’s can now participate in an RFC on a draft for the PCI DSS v4.0 validation documents. This RFC requests feedback on drafts of the v4.0 RoC and AoC as well as introduces a new approach to the merchant self-assessments, now being called merchant assessment forms (MAF). For more information on the PCI DSS v4.0 draft and how to register visit https://www.pcisecuritystandards.org/