Framework program
PCI DSS 4.0 evidence template.
This is a reusable framework module. It defines source authority, native identifier patterns, collector fit, expected evidence, manual evidence gates, and deployment posture before any client project is created.
next seedPCI DSS v4.0.1PCI
Template status
planned
PCI Security Standards Council
Seed rows
9
Source-native requirement rows
Native examples
3
Stored without normalization loss
Collectors
4
configuration, api, document, manual-upload
Deployment fits
3
SaaS, private, appliance, runner
Native source contract
Keep the framework’s identifiers intact
8.4.2
Evidence maps to this native reference first, then to any shared ControlFrame control spine or cross-framework reuse.
10.2.1
Evidence maps to this native reference first, then to any shared ControlFrame control spine or cross-framework reuse.
12.3.1
Evidence maps to this native reference first, then to any shared ControlFrame control spine or cross-framework reuse.
Automated evidence
Collector lanes to build
CDE asset inventory
network/security configuration snapshots
vulnerability scan imports
logging and access-control tests
change and secure SDLC evidence
Manual or human-gated evidence
Do not fabricate these artifacts
SAQ/ROC scoping decisions
segmentation diagrams
ASV scan attestations
QSA review notes
compensating control worksheets