29
Oct
19

PCI DSS v4 Draft Is Out

According to a PCI SSC Blog post, the Request For Comment (RFC) phase has started for the newest version of the PCI DSS.  The draft can be obtained at the PCI Portal (https://programs.pcissc.org/) which QSAs, Participating Organizations (PO) and ASVs have access.  The RFC phase began yesterday and continues though December 13, 2019.

I tried to find the documents in the Portal, but I am guessing that only the Key Contacts for organizations have access.


4 Responses to “PCI DSS v4 Draft Is Out”


  1. October 30, 2019 at 7:42 AM

    Can confirm it was available for Primary Contact.

  2. October 29, 2019 at 4:26 PM

    You are correct, only Key Contacts have access. This has been done to ensure all comments from an organisation are collated and in the format required.

  3. 3 Steve
    October 29, 2019 at 3:47 PM

    The documents are only available to PCI SSC Participation Organizations (POs), Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs). It is said within the blog.

    • October 31, 2019 at 11:41 AM

      Even the Guru could not get them because I am not the Primary Contact for my QSAC. Only the primary contacts at each type of organization have access. That said, the NDA for these states that they cannot be shared our discussed outside of those approved participants.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


Announcements

If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.

Calendar

October 2019
M T W T F S S
« Aug   Nov »
 123456
78910111213
14151617181920
21222324252627
28293031  

Enter your email address to subscribe to the PCI Guru blog and receive notifications of new posts by email.

Join 2,158 other followers


%d bloggers like this: