atsec China (“atsec” for short in this article) has completed the training and examination on “PCI DSS QSA Version 4 Transition” provided by the Payment Card Industry Security Standards Council (PCI SSC) and became one of the first Qualified Security Assessors (QSA) companies globally to perform the assessment according to the new version of the PCI DSS standard (version 4.0).
PCI DSS v4.0 was released on 31 March 2022. The goals of the new evolution of the standard are: 1) to continue to meet the security needs of the payment industry, 2) to promote security as a continuous process, 3) to add flexibility for different methodologies, and 4) to enhance validation methods.
As one of the Global Executive Assessor Roundtable (GEAR) members, atsec was actively involved in the development of the new standard and related documentation (e.g., the reporting template).
Figure: PCI DSS v4.0 Implementation Timeline (Source from PCI SSC)
As shown in the figure above, on 31 March 2024, the old version of the standard PCI DSS v3.2.1 will be retired. atsec has developed and maintained its own tools and methodologies on PCI DSS v4.0 compliance and assessment. atsec is willing to support assessed entities to adopt the new standard efficiently and provides assessment services if needed during the transition period.