How is this Going to Impact my Business?
Overall Impact of PCI DSS v4.0
Organizations have until March 31, 2024 to validate their compliance using version 3.2.1 of the SAQs; after that date, version 3.2.1 can no longer be used.
While organizations can continue to validate their compliance using version 3.2.1, you should start now to implement any missing controls that would be required to validate to version 4.0.
SAQs Will Take Longer to Fill Out
Almost every question in the PCI v4.0 SAQ was reworded and reordered, so filling out the SAQ may take more time. Because all of the questions have been reworded, EVERY business will need to answer additional questions, even if nothing in your network has changed.
To help mitigate this, our very best support agents worked together, combing through the 3.2.1 and the 4.0 SAQs to find as many questions as possible that would map over. By using SecurityMetrics' FastPass, you could significantly reduce the number of questions you'd need to answer.