Who it applies to
PCI-DSS 4.0 became fully effective on 31 March 2025. Among the changes that bite hardest in our engagements are the targeted risk analyses, the expanded MFA requirements, and the new Customised Approach to satisfying many of the standard's objectives.
What it requires
- Requirement 6: develop and maintain secure systems and software, including a vulnerability management programme
- Requirement 11.3: external and internal vulnerability scans, plus penetration testing
- Requirement 11.4: penetration testing of segmentation controls and CDE perimeter
- Requirement 12.6: security awareness programme
How Sandline helps
- External and internal penetration tests of the cardholder data environment, including tests of the segmentation controls
- PCI-DSS 4.0-aligned vulnerability scanning programme on Centraleyezer
- Awareness programme (Req 12.6) with audit-ready attendance evidence
- Letter-of-attestation reports your QSA can use directly
