PCI Compliance

Got questions about complying with PCI DSS or any of the other payment card industry standards? This is the place to talk about them, share info and best practices, etc.

Moderated by a QSA. However, any views or opinions are solely those of the author, and do not necessarily represent those of any organizations or entities the author may be associated with.

When the PCI SSC first published PCI DSS v4.0, they included a findings option "In Place with Remediation" -- which they later removed from the standard due to it being confusing, and differences in opinion on its usage across the various PCI stakeholder groups.

In its place, the Council said that they would add a worksheet for the QSA to record items noted during the assessment that required remediation. The INFI is that worksheet.

Some important things to note:

  • The INFI is a required document for PCI DSS v4.0 assessments done by a QSA. ISAs are encouraged, but not required, to complete it.
  • The document's audience is the entity being assessed.
  • FAQs can be found here.