PCI DSS v4 Draft Is Out

According to a PCI SSC Blog post, the Request For Comment (RFC) phase has started for the newest version of the PCI DSS.  The draft can be obtained at the PCI Portal (https://programs.pcissc.org/) which QSAs, Participating Organizations (PO) and ASVs have access.  The RFC phase began yesterday and continues though December 13, 2019.

I tried to find the documents in the Portal, but I am guessing that only the Key Contacts for organizations have access.

4 Responses to “PCI DSS v4 Draft Is Out”

  1. October 30, 2019 at 7:42 AM

    Can confirm it was available for Primary Contact.

  2. October 29, 2019 at 4:26 PM

    You are correct, only Key Contacts have access. This has been done to ensure all comments from an organisation are collated and in the format required.

  3. 3 Steve
    October 29, 2019 at 3:47 PM

    The documents are only available to PCI SSC Participation Organizations (POs), Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs). It is said within the blog.

    • October 31, 2019 at 11:41 AM

      Even the Guru could not get them because I am not the Primary Contact for my QSAC. Only the primary contacts at each type of organization have access. That said, the NDA for these states that they cannot be shared our discussed outside of those approved participants.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.


October 2019

Enter your email address to subscribe to the PCI Guru blog and receive notifications of new posts by email.

Join 2,422 other followers

%d bloggers like this: