Page 23 - Cyber Defense eMagazine Annual RSA Edition for 2024

PCI DSS 4.0 includes more than 60 new requirements, SIEM is now mandatory, and there is an additional evidentiary burden for documentation and artifacts.

This puts a lot of strain on most companies, so they need a certified and experienced partner that helps them along an easy path to compliance. And if the company is already certified, it will also need a partner to help it transition from PCI DSS 3.2.1 to version 4.0.


PCI DSS 4.0 Highlights:

Defined and Customized Approach:

Version 4.0 introduces the concept of a customized approach, allowing organizations to implement security controls flexibly to meet established objectives. This approach supports innovation in security practices, providing greater flexibility to organizations.

Authentication:

Notable changes to the authentication and login process are implemented, including an increase in the number of attempts before account lockout, longer password lengths, and mandatory multi-factor authentication for all CDE access.

Risk Management and Awareness:

Version 4.0 introduces new requirements and modifications associated with risk management and security awareness, supported by specific and documented risk analyses.

Secure Development, Monitoring, and Vulnerability Management:

More stringent requirements are introduced in secure development, asset monitoring, and vulnerability management. Of particular note are the implementation of a WAF for public web applications and the use of automated tools for detecting phishing attacks.

Encryption:

Encryption changes include the PAN mask showing only the BIN and last four digits, and the mandatory use of keyed cryptographic hashes to render the PAN unreadable.
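The two PAN controls just mentioned, as an added illustration that is not from the magazine article or any assessor's toolkit: a display mask that keeps only the BIN and last four digits, and a keyed hash for stored values. It assumes a 6-digit BIN (configurable, since 8-digit BINs also exist) and HMAC-SHA256 as the keyed hash; the standard itself does not prescribe that algorithm here.

```python
import hashlib
import hmac
import secrets


def luhn_valid(digits: str) -> bool:
    """Mod-10 check used only as a sanity test that the input looks like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str, bin_length: int = 6) -> str:
    """Display form: BIN and last four visible, every other digit replaced by '*'.
    bin_length=6 is an assumption; pass 8 for issuers using 8-digit BINs."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 13 <= len(digits) <= 19 or not luhn_valid(digits):
        raise ValueError("input does not look like a PAN")
    hidden = len(digits) - bin_length - 4
    if hidden <= 0:
        raise ValueError("PAN too short to mask with this BIN length")
    return digits[:bin_length] + "*" * hidden + digits[-4:]


def keyed_pan_hash(pan: str, key: bytes) -> str:
    """Storage form: HMAC-SHA256 of the PAN under a secret key.
    An unkeyed hash is not enough: with the BIN known, only the remaining
    digits vary, so a plain SHA-256 table would reverse it. The key must be
    managed like any other cryptographic key (separate from the hashes)."""
    if len(key) < 32:
        raise ValueError("key must be at least 256 bits")
    digits = "".join(ch for ch in pan if ch.isdigit())
    return hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    # Constructed sample: the well-known Luhn-valid test number, not a real card.
    sample = "4111 1111 1111 1111"
    demo_key = secrets.token_bytes(32)   # placeholder key generated at run time
    print("masked :", mask_pan(sample))
    print("hashed :", keyed_pan_hash(sample, demo_key))
```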


Companies Need a Partner in Compliance and Security

Companies need a partner that helps them walk an easy path to PCI DSS 4.0 compliance, including a team of Qualified Security Assessors (QSAs) who are certified by the PCI Security Standards Council and are fully trained on all key changes to the PCI DSS 4.0 requirements.











