All framework guides
Help Center · Framework guide
PCI DSS v4.0
PCI DSS · Financial · Global · v4.0
PaymentsCardholder DataMerchant
Overview
PCI DSS v4.0 defines security requirements for organizations that store, process, or transmit cardholder data.
14 controls available in ComplAI for this framework.
Who it's for
- Merchants and payment service providers
- Fintech platforms in the card data environment
- Teams preparing for SAQ or ROC assessments
Why it matters
Card brands and acquirers require PCI compliance. Continuous control tracking reduces assessment friction and scope creep risk.
Cardholder data environment scopeNetwork and access securityVulnerability and logging controlsPolicies and evidence for assessors
How ComplAI helps
- Activate PCI DSS in the Framework Library to load its control catalog
- Assign owners, track compliance status, and attach evidence per control
- Use risk register and issues workflows when controls fail or deviate
- Export readiness views for leadership and auditors
Sample controls
- network security
Req 1
Network security controls
- change management
Req 2
Secure configurations
- cryptography
Req 3
Protect stored account data
- cryptography
Req 4
Protect data in transit
- vulnerability management
Req 5
Protect against malware
- change management
Req 6
Secure systems and software
Getting started
- Open Framework Library and activate PCI DSS
- Review the control list and prioritize high-impact domains
- Attach policies, procedures, and technical evidence
- Mark controls audit-ready and monitor residual gaps
