PCI DSS: PCI Council Releases SAQs for Version 4.0.1

18. October 2024

This week, the PCI Security Standards Council (PCI SSC) announced that it published the Self-Assessment Questionnaires (SAQs) for PCI DSS v4.0.1. [See the PCI SSC Bulletin]

SAQs allow eligible merchants and service providers to demonstrate their compliance with PCI DSS through a self-assessment. From January 1, 2025, only the SAQs for PCI DSS v4.0.1 are valid. Until then, companies can decide for themselves whether to complete their self-assessment with an SAQ for PCI DSS v4.0 or v4.0.1.

The updated SAQs reflect the changes to the requirements in PCI DSS v4.0.1 and also incorporate feedback from the industry:

  • Aligning requirement content with PCI DSS v4.0.1
  • Clarifying SAQ Eligibility Criteria in SAQs A, A-EP, and C-VT
  • Adding a requirement to SAQ A and removing a requirement from SAQ C
  • Updating SAQ Completion Guidance in SAQs A and A-EP

The SAQ Instructions and Guidelines document has also been published to align with the SAQ updates for PCI DSS v4.0.1. This document provides information on all PCI DSS v4.0.1 SAQs, including an explanation of the intent of the SAQs, the eligibility criteria for the SAQs, and how to complete an SAQ. The PCI DSS v4.0.1 SAQs and the document “PCI DSS v4.0.1 SAQ Instructions and Guidelines” can be found using the “SAQ” filter in the PCI SSC Document Library on the PCI SSC website.


Do you need help preparing for or implementing PCI DSS v4.0.1 in your company? Get in touch - our experts are happy to help.
