PCI DSS v4.0 – Prepare for the March 2024 Deadline
The first implementation deadline for compliance with new PCI DSS v4.0 requirements is March 31, 2024. Keep reading to help your team maintain PCI compliance.
PCI DSS 4.0 was released in March 2022, and the deadline to transition away from PCI DSS 3.2.1 is looming. As part of the transition, the PCI Security Standards Council has created a phased approach in which organizations must align with immediate requirements by March 31, 2024. However, additional items listed as best practices won’t need to be validated until March 31, 2025.
Here’s everything you need to prepare for by the March 31, 2024, deadline, when PCI 3.2.1 will officially be retired.
Key Points
- PCI DSS 4.0 was released in March 2022 to address evolving threats and technologies in the payment industry.
- The transition period from PCI DSS 3.2.1 to 4.0 ends on March 31, 2024.
- PCI DSS 4.0 introduces a phased approach, with immediate requirements to be aligned by March 31, 2024, and additional best practices by March 31, 2025.
- The core goals of PCI DSS 4.0 include meeting the security needs of the payment industry, promoting continuous security processes, enhancing validation methods and procedures, and adding flexibility to security approaches.
- Key changes in PCI DSS 4.0 include a customized approach to implementation and validation, stronger authentication measures, and updates to encryption, access privileges, and vulnerability management.
- Immediate effective changes include encrypting or protecting stored sensitive data, implementing multi-factor authentication, and reviewing access privileges.