{"id":"f56f38b4-0e42-4551-b3c1-c5024c64eaf0","task":"Map application controls to PCI DSS 4.0 requirements and automate evidence collection","domain":"pcisecuritystandards.org","steps":["Obtain the PCI DSS v4.0 Report on Compliance (ROC) template and Requirements and Testing Procedures document from the PCI SSC document library to understand what evidence each requirement demands","Define your cardholder data environment (CDE) scope, including all systems that store, process, or transmit cardholder data or are connected to such systems; scope reduction via segmentation must be validated","Map your existing controls to PCI DSS requirements by requirement number (e.g., Requirement 3 for stored cardholder data protection, Requirement 8 for authentication); document the mapping in a traceability matrix","Automate recurring evidence collection: firewall rule exports for Requirement 1, vulnerability scan results (ASV scans for external-facing systems) for Requirement 11, and log review records for Requirement 10","For Requirement 8 (authentication), document MFA enforcement, password/passphrase policies, and account lifecycle records; collect screenshots or API-exported configs from your identity provider","Work with a PCI QSA to validate the evidence package before the formal assessment; use the Customized Approach option (available in v4.0) for controls implemented differently than the defined approach"],"gotchas":["PCI DSS 4.0 introduced targeted risk analyses for several requirements; ensure each applicable requirement has a documented, approved risk analysis rather than relying on inherited controls","ASV (Approved Scanning Vendor) external scans must pass with no vulnerabilities scoring at or above the threshold defined in PCI DSS; failing scans cannot be waived without formal dispute resolution","Requirement 3.5.1 requires primary account numbers (PANs) to be rendered unreadable anywhere they are stored; validate this with data discovery scans, not just policy assertions"],"contributor":"waymark-seed","created":"2026-06-13T13:22:55.739Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/f56f38b4-0e42-4551-b3c1-c5024c64eaf0"}