Skip to content
ZxR Cyber Sentinel 4.1 is available — Discover our AI models
PCI DSS v4.0StandardInternationalMandatory

PCI DSS v4.0

Authority : PCI SSC
12 exigences
Overview

What is PCI DSS v4.0 ?

PCI DSS (Payment Card Industry Data Security Standard) v4.0 is the mandatory security standard for any organization that stores, processes, or transmits payment card data. Published by the PCI Security Standards Council (founded by Visa, Mastercard, American Express, Discover, and JCB), it defines 12 security requirements covering firewalls, encryption, access control, network monitoring, security testing, and policy management. Version 4.0 introduces a customized approach allowing organizations to meet requirements through validated alternative controls.

Key Points

  • 12 requirements covering firewalls, encryption, access control, monitoring, testing, and security policies
  • Version 4.0: customized approach allowing alternative controls validated by a QSA
  • Mandatory quarterly vulnerability scan (ASV) and annual penetration testing
  • Enhanced v4.0 requirements: MFA for all CDE access, script inventory, payment page change detection
  • Compliance validated by SAQ (self-assessment) or ROC (QSA audit) based on transaction volume

Why Zaxyr

Zaxyr automates PCI DSS evidence collection from your payment environments. The platform tracks all 12 requirements with their sub-controls, generates SAQ reports or prepares documentation for ROC audits, and provides continuous monitoring of critical controls (encryption, access, logging). Mapping to ISO 27001 and SOC 2 avoids duplicate work for multi-certified organizations.

Start Your Compliance Journey

Get a personalized compliance assessment. Our team will guide you through.