Archive for April, 2022

29
Apr
22

The SAQs Have Been Published

Just a quick post to let everyone know that the PCI SSC has published the version 4 Self-Assessment Questionnaires (SAQs). You can get them under the Documents Library and select SAQS.

20
Apr
22

The Gag Is Coming Off!

Coming Thursday, April 28, to an internet connection near you!

The PCI Dream Team of Ben Rothke, Art “Coop” Cooper, David Mundhenk and the PCI Guru himself will finally be able to openly discuss PCI DSS v4 – warts and all!

So, bring your questions and concerns to this open discussion of v4. As always, if you cannot attend the live session, you can submit your questions to pcidreamteam AT gmail DOT com.

Register here for this session.

We look forward to “seeing” everyone there.

03
Apr
22

PCI DSS v4 First Blush Comments

All I can say is Wow!  WOW! 

There is a LOT of “busy work” in this version. 

For any QSA that does not have access to some form of tool for filling this bad boy out, heaven help you.  It seems that the Council has declared war on the QSACs and QSAs.  I would venture a guess that the number of hours required to fill out and ticking and tying things will be twice the amount of time a QSA spends on actually doing the assessment. 

Sadly, it is painfully obvious as to why this has happened. 

I am sure it is to get back at all of the “ROC Mills” out there (you know who you are) that conduct PCI assessments by essentially licking a finger, putting it in the air and sensing which way the wind is blowing, i.e., “you are compliant!” 

But sadder still are the poor merchants and service providers that are now collateral damage in this “war”.  I would not be surprised that, if after reviewing this Albatross of a standard, those merchants and service providers revolt.  That constituency is not going to pay for the overhead in this new version.  Even those that have done the correct thing and minimized their scope are going to get screwed over because of all of the “busy work” required to even complete their assessments. 

If the Council wanted to find a way to put themselves out of business, I think they have found that in v4. 

I thought I was only joking in my April Fool’s Day post about “Miserable Edition”.  But I was apparently spot on.  I cannot wait to attend training on this abomination to understand their justification for making a PCI assessment even more miserable than it already was. 




Welcome to the PCI Guru blog. The PCI Guru reserves the right to censor comments as they see fit. Sales people beware! This is not a place to push your goods and services.

April 2022
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930