
What Are PCI DSS Future-Dated Requirements?


The good news? PCI DSS 4.0 is out, but the adoption schedule for the new standard is quite generous. The better news? The PCI Security Council has decided to implement a tiered approach to adoption. The first tier will be finalized when the previous version (3.2.1) is officially retired in 2024. The second tier, known as the “future-dated” requirements, will have an additional year.

This article will cover the future-dated requirements from PCI DSS version 4.0.


What Are the PCI DSS Requirements?

One thing that hasn’t changed between version 3.2.1 and 4.0 is the core set of requirements in the standard. Both versions are built on the same 12 requirements for security and privacy compliance.

These 12 requirements, as defined in the PCI DSS documentation, are as follows:


What Is a Future-Dated Requirement?

There have been changes to these requirements between 3.2.1 and 4.0, including changes targeting cloud environments, expanded authentication, and mobile devices. 

Not all of these changes are created equal, however, and the PCI Security Council has determined that some of the more basic requirements can serve as the baseline for compliance before the retirement of 3.2.1, and other, more advanced requirements can be “future dated” to the first quarter of 2025.

What this means is that the future-dated requirements don’t need full implementation until this date. This doesn’t necessarily mean companies can altogether avoid implementation until the last minute. Rather, it’s understood that the initial push from 3.2.1 to 4.0 (scheduled to finish by March 2024) can serve as a foundation to complete the more advanced requirements. Until 2025, these advanced requirements will be considered “best practices.”


What New Requirements Are Future-Dated in PCI DSS 4.0?

So what, exactly, are these future-dated requirements? Many of them refer to more complex systems or practices that businesses may not yet be familiar with.

Some of the future-dated requirements include:


Prepare for PCI DSS 4.0 with Continuum GRC

These requirements are some, but not all, of the changes and future-dated updates coming down the pipeline in PCI DSS 4.0. Even now, enterprise companies and SMBs alike are looking to the future to stay secure and get ahead of their security requirements. 

Continuum GRC is a platform that mixes a control- and risk-based approach to security so that our clients are prepared to meet regulatory challenges today and five years from now. 

Continuum GRC is cloud-based, always available and plugged into our team of experts. We provide risk management and compliance support for every major regulation and compliance framework on the market, including:

And more. We are also the only FedRAMP and StateRAMP authorized compliance and risk management solution in the world.

Continuum GRC is a proactive cyber security®, and the only FedRAMP and StateRAMP Authorized cybersecurity audit platform in the world. Call 1-888-896-6207 to discuss your organization’s cybersecurity needs and find out how we can help your organization protect its systems and ensure compliance.


