The New PCI INFI Worksheet

Reading Time: 2 minutes

Share:

On June 28, 2023, the Payment Card Industry Security Standards Council (PCI SSC) published a new worksheet, “PCI DSS v4.x Items Noted for Improvement (INFI).” This document is to be completed for all v4.0 PCI Data Security Standard (PCI DSS) compliance assessments. If the assessed entity did not have items that were noted for improvement, the Qualified Security Assessor (QSA) must still complete the acknowledgment and attestation. If the QSA or assessed entity found that requirements were not consistently maintained, or if a control was not fully in place but the entity was able to address and correct the issues prior to completing the assessment, this worksheet needs to be filled out to document the requirement, the issue, who identified the issue, the cause of the failure, and the corrective and preventative actions taken by the assessed entity.

This worksheet is meant to remain as an internal document for the assessed entity and used as a tool to support continuous PCI DSS compliance. Though not required, this INFI worksheet can be used for PCI DSS v3.2.1 assessments.

The worksheet and supporting materials are linked below and can also be downloaded from the PCI SSC Document Library.

For more information about getting prepared for the changes ahead in the PCI DSS, and to learn how the Sikich PCI DSS 4.0 Jumpstart Program can help, reach out to our team of assessors.

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

SIGN-UP FOR INSIGHTS

Join 14,000+ business executives and decision makers

Upcoming Events

Upcoming Events

View Calendar

Latest Insights

View All Insights

About The Author

Theresa LaMott

Theresa LaMott

Theresa is a Senior Consultant at Sikich. In her role, she is able to leverage her skillset as she combines two of her passions: solving problems and helping others. Whether it is administering testing, performing an assessment or assisting clients in addressing information security concerns, Theresa is up for the task. Her communication skills allow her to work effectively with people of all knowledge levels to help overcome technical challenges. Theresa is a Payment Card Industry Qualified Security Assessor (QSA), an ISO 27001 Lead Auditor and an ISO 27001 Lead Implementer and has an Associate of Applied Science degree.

©2024 All Rights Reserved.   Privacy Policy   Disclaimer

white sikich logo