this post was submitted on 30 Jun 2023

PCI Compliance

Got questions about complying with PCI DSS or any of the other payment card industry standards? This is the place to talk about them, share info and best practices, etc.

Moderated by a QSA. However, any views or opinions are solely those of the author, and do not necessarily represent those of any organizations or entities the author may be associated with.


When the PCI SSC first published PCI DSS v4.0, they included a findings option "In Place with Remediation" -- which they later removed from the standard due to it being confusing, and differences in opinion on its usage across the various PCI stakeholder groups.

In its place, the Council said that they would add a worksheet for the QSA to record items noted during the assessment that required remediation. The INFI is that worksheet.

Some important things to note:

  • The INFI is a required document for PCI DSS v4.0 assessments done by a QSA. ISAs are encouraged, but not required, to complete it.
  • The document's audience is the entity being assessed.
  • FAQs can be found here.