PCI DSS v4.0 Timeline Updated to Support an Additional RFC

Industry feedback is fundamental to the evolution of the PCI Data Security Standard (PCI DSS). Because of the broad impact PCI DSS has on the payment community, the Council is seeking additional feedback into the PCI DSS v4.0 validation documents. As a result of expanding stakeholder feedback opportunities to include these supporting documents, the Council is now targeting a Q4 2021 completion date for PCI DSS v4.0. The publication and availability of PCI DSS v4.0 is still being determined. The Council will communicate the targeted publication date in the coming months.

The Council will hold an RFC on drafts of the v4.0 Report on Compliance (ROC) template, Self-Assessment Questionnaires (SAQs), and Attestation of Compliance (AOC) validation documents. The RFC is planned for June 2021. Details on how to participate in the RFC will be provided over the coming months.

It is important to note that the new timeline will still include a transition period to support migration from PCI DSS v3.2.1 to v4.0, and time will also be provided to allow entities to meet any new future-dated requirements.

The Council will provide additional information on the PCI DSS v4.0 timeline changes during the year. Subscribe to the PCI Perspectives blog to stay up to date on the progress of PCI DSS v4.0.