PCI DSS v3.2.1 is Retiring on 31 March 2024 – Are You Ready?

With 31 March 2024 rapidly approaching, Lauren Holloway, Director, Data Security Standards, shares some key questions, answers, and resources to help entities successfully transition to PCI DSS v4.0.

Where to Begin 
Whether you have already started the transition or are not sure where to begin, here are Eight Steps for the Journey to PCI DSS v4.0.  

New Requirements
There are more than 50 new requirements in PCI DSS v4.0 – do you know which ones apply to you and what you need to do to meet them? 

  • For the complete list of new requirements, including those that are effective immediately and those that are effective on 31 March 2025, review the Summary of Changes. 
  • To understand how to meet the new requirements, you can find detailed guidance, best practices, and implementation examples in the requirements’ Guidance Column in the Standard. 

SAQ Changes    
Every SAQ has been updated for PCI DSS v4.0 and most SAQs have more requirements.  Do you know what these updates mean for you?   

  • For detailed guidance on what is new in the SAQs, read the SAQ Instructions and Guidelines. 
  • To understand how to meet the new requirements, you can find detailed guidance, best practices, and implementation examples in the requirements’ Guidance Column in the Standard.  

Frequently Asked Questions   
Will my PCI DSS v3.2.1 assessment expire on 31 March 2024? 

No. The period for which a PCI DSS v3.2.1 assessment result is valid does not change when v3.2.1 is retired. However, there may be other considerations. Find out more about transitioning from an expired standard here.

What if my service providers have not yet validated to v4.0?  

Depending on when an organization transitions to a newer version of PCI DSS, it might find that some of its service providers are still validated to the previous version. During this time, the organization should confirm some details with its service provider. More information can be found in this FAQ.

Looking for More? 
There are many more FAQs (Frequently Asked Questions) to help you with PCI DSS v4.0 – search our FAQ Page for answers to your questions.     

View all PCI DSS v4.0 resources on the PCI DSS v4.0 Resource Hub
