- If ChatGPT produces AI-generated code for your app, who does it really belong to?
- The best iPhone power banks of 2024: Expert tested and reviewed
- The best NAS devices of 2024: Expert tested
- Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
- I converted this Windows 11 Mini PC into a Linux workstation - and didn't regret it
PCI SSC Releases ROC Template for PCI DSS v4.0.1
The PCI Security Standards Council (PCI SSC) has released the PCI Data Security Standard (PCI DSS) Report on Compliance (ROC) Template for v4.0.1 to align with PCI DSS version 4.0.1, to address minor errors, and to reformat the template.
The ROC Template, which was originally planned to be published in June along with PCI DSS v4.0.1, was delayed so that PCI SSC could additionally address much of the feedback received from stakeholders regarding usability and performance. This feedback included that the PCI DSS v4.0 ROC template took too long to complete, required redundant information, and resulted in a large final report subject to performance issues. The Council engaged with the Global Executive Assessor Roundtable (GEAR), the Board of Advisors (BOA), the Technology Advisory Board (TAB), and the Technology Guidance Group (TGG) to collaborate on the final version of the new ROC Template.
The PCI DSS v4.0.1 ROC Template is now available in the PCI SSC Document Library. A Summary of Changes from ROC Template v4.0 to v4.0.1 is also available.
In addition to the ROC Template and the Summary of Changes from ROC Template v4.0 to v4.0.1, the following related documents were also published to the PCI SSC Document Library: the PCI DSS v4.0.1 ROC Attestations of Compliance (AOCs) for merchants and service providers, ROC Template Frequently Asked Questions, Sample Customized Approach Templates, and the Designated Entities Supplemental Validation (DESV) ROC and DESV AOC.
The Council is also updating the Self-Assessment Questionnaires (SAQs) and SAQ AOCs for v4.0.1 and will announce when these new versions are available.