PCI DSS 3.2 Req 6.4.6 - Views on Updating PCI DSS Compliance Programs Upon Significant Changes to a Cardholder Data Environment

Justin Bonk, CISSP, PCI-QSA, CIA, CISA, CIPP/US

Senior Manager, Freed Maxick Risk Advisory Services

If you are classified as a merchant or service provider, any time you make a significant change to your cardholder data environment, you are required to ensure that all relevant PCI DSS requirements have been applied to that change. This means adding an extra step: analyzing which PCI DSS requirements apply to the change and documenting how you have ensured those requirements were applied, for example by updating network diagrams or data flow diagrams.

PCI DSS 3.2 Req. 6.4.6

Freed Maxick 6.4.6 Guidance

PCI DSS is a rolling and perpetual standard which requires organizations to approach any changes to their environment with compliance considerations in mind. Any significant change to the PCI CDE (Cardholder Data Environment) may require additional scrutiny, such as creating or updating documentation or reviewing system configurations.

PCI DSS Resources

For additional insights and guidance on 6.4.6 compliance and other PCI DSS requirements, read our blog post and get a downloadable overview of all recent updates and revisions.

Freed Maxick services for PCI DSS Compliance can be found here. If you wish for a more detailed discussion of your organization’s situation and needs, contact us or call me at 716.847.2651.