Archive for July 6th, 2022


PCI DSS v4 Transition Training Arrives

I received an email from the Council today that announced that PCI DSS v4 Transition Training will begin to be available through the PCI Portal the week of July 11 for all current QSAs.

According to their message:

“The training takes between 4-5 hours to complete and is based on documents that are already available:

  • PCI DSS Requirements and Testing Procedures Version 4.0
  • PCI DSS v4.0 Report on Compliance Template
  • PCI DSS v3.2.1 to v4.0 Summary of Changes
  • PCI DSS v4.0 AOCs and SAQs
  • PCI DSS v4.x Report on Compliance Template – Frequently Asked Questions

We recommend assessors download these documents before taking the training course. There will be an exam that follows the training. The exam is an open book, 25 multiple-choice questions, which you will have 60 minutes to complete. The questions are based on the course content and associated documents (listed above). You will be granted access to the exam via the Portal once you have completed the training. Once you pass the exam, with a 75% or higher, the website listings will be updated to reflect that you are now qualified to lead an assessment using PCI DSS v4.0.

Important exam information summarized:

  • 25 multiple-choice questions
  • Open book
  • Available via the Portal after you complete the transition training
  • 60 minutes long
  • 75% or higher score to pass

Once the training is available, you will receive an email with instructions on how to access the training and take the exam.”

Best of luck to everyone on passing this new QSA requirement.

UPDATE: I passed the PCI DSS v4 Transition Training on July 17. A lot of material in the presentations but it is good stuff and I found it very informative. I still have questions about how the tables in section 6 of the ROC work and have asked for additional clarifications. My biggest concern is avoiding the debacle a lot of QSACs went through when we all went through the first AQM process and most ended up in remediation.


Welcome to the PCI Guru blog. The PCI Guru reserves the right to censor comments as they see fit. Sales people beware! This is not a place to push your goods and services.

July 2022