By Mike Killinger, GRC Solutions Consultant

We’ve heard it for a while, but soon enough it’s actually going to happen. That’s right, the PCI Council will release their newly created PCI DSS 4.0 version to replace PCI DSS 3.2.1.

Currently, as a Participating Organization (PO), we have access to a draft version of PCI DSS v4.0 and a draft summary of changes document so that we can prepare to help our customers once the new version is live.

What does PCI DSS 4.0 mean for you?

More than likely, you’ll have some gaps in your compliance program that you may need to address in order to maintain your PCI DSS compliance. While the PCI Council will allow time to migrate to the new 4.0 version, we can help streamline and simplify the process.

Identifying Gaps in PCI DSS Compliance Program

If you currently have PCI DSS 3.2.1 loaded as a program in your Reciprocity® ZenGRC® instance, we can work with you to load a new PCI DSS 4.0 program (when released, of course) and map the controls, thus easily identifying where you may have control gaps.

Addressing Gaps in PCI DSS Compliance Program

After we identify the gaps, we can work together to create an audit and develop a plan to remediate any issues the audit identifies.

1) If you are ready to begin a new complete audit of your in-scope PCI DSS controls, we can assist in creating that audit using your new PCI DSS 4.0 program, making for a seamless transition to the new release.

2) If you are not ready to create a new audit, we can work with you to build an audit to test the new PCI 4.0 controls and get a jump start on meeting the new PCI 4.0 requirements.

What Can You Do Now?

Keep checking back with us here at Reciprocity; we’ll post more when we know more. If you have questions regarding your PCI DSS program and the migration from PCI DSS 3.2.1 to PCI DSS 4.0, contact us and schedule some time to talk through the process with one of our GRC Experts.

You can also keep up-to-date on PCI information via the PCI web page:
https://www.pcisecuritystandards.org/