Just Published: PCI DSS v4.0.1

To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, the PCI Security Standards Council (PCI SSC) has published a limited revision to the standard, PCI DSS v4.0.1. It includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance. There are no additional or deleted requirements in this revision.

To help ensure that the changes, clarifications, and additional guidance effectively support industry adoption of PCI DSS v4, the PCI SSC Board of Advisors, Global Executive Assessor Roundtable, and Principal Participating Organizations (through the Technology Guidance Group) were invited to review and provide feedback on the proposed changes during a Request for Comments (RFC) period that ran from December 2023 through January 2024. An RFC Feedback Summary is available to all RFC participants through the PCI SSC portal.

For a full description of changes, refer to the Summary of Changes from PCI DSS v4.0 to v4.0.1, available now in the PCI SSC Document Library. Some of the changes made in this update include:

Frequently Asked Questions about PCI DSS v4.0.1

When will PCI DSS v4.0 be retired?

As with all new versions of PCI DSS, there will be a period where both the current and updated version will be active at the same time. PCI DSS v4.0 will be retired on 31 December 2024. After that point, PCI DSS v4.0.1 will be the only active version of the standard supported by PCI SSC.

When in doubt, reference FAQ 1328 “Where can I find the current version of PCI DSS?” for more detail and links to additional FAQs about transitioning to an updated version of PCI DSS.

Does PCI DSS v4.0.1 change the 31 March 2025 effective date for the new requirements?

No. This limited revision does not impact the effective date of these new requirements.

Are there any new requirements in PCI DSS v4.0.1?

No. As this is a limited revision, there are no new or deleted requirements. Refer to the Summary of Changes from PCI DSS v4.0 to v4.0.1 for the full details.

When will the PCI DSS v4.0.1 Report on Compliance (ROC) Template and Attestations of Compliance (AOCs), along with the Self-Assessment Questionnaires (SAQs), be published?

The PCI DSS v4.0.1 Report on Compliance (ROC) Template and Attestations of Compliance (AOCs), along with the Self-Assessment Questionnaires (SAQs), are targeted for publication in Q3 and will be followed shortly by the publication of updated PCI DSS supporting documents, such as the Prioritized Approach tool.
