PCI 4.0 Implementing and Validating Requirements

Authored by Brian Odian for VikingCloud’s Compliance Elements Series, available on YouTube.

PCI DSS 4.0, just released, introduces two approaches for implementing and validating the requirements: the Defined Approach and the Customized Approach.

As per the standard, the Defined Approach “Follows the traditional method for implementing and validating PCI DSS and uses the Requirements and Testing Procedures defined within the standard.” Compensating controls remain part of this approach. Again, as stated in the new standard, “As part of the defined approach, entities that cannot meet a PCI DSS requirement explicitly as stated due to a legitimate and documented technical or business constraint may implement other, or compensating con