ControlMap

PCI DSS v4.0

The Payment Card Industry Data Security Standard (PCI DSS) v4.0 is a set of security requirements for organizations that handle cardholder data. It covers network security, data protection, vulnerability management, access control, monitoring, and security policies across 12 requirement groups.

100%
Coverage
49
Controls Covered
0
Gaps
49
Total Controls

Covered Controls

Controls that have explicit mappings to PCI DSS requirements.

Govern (6 controls)

Gp Governance Policy
12.1.1, 12.1.2
 Rm Risk Management
12.3.1, 12.3.2
 Sc Supply Chain Risk
12.8.1, 12.8.2, 12.8.4
 Rr Roles & Responsibilities
12.1.3, 12.4.1
 Cm Compliance
12.1.1, 12.4.2, 12.8.5
 Vr Vendor Risk Mgmt
12.8.1, 12.8.2, 12.8.3, 12.8.4, 12.8.5

Identify (6 controls)

Am Asset Management
2.4, 9.9.1, 12.5.1
 Ra Risk Assessment
6.3.1, 11.3.1, 12.3.1
 Be Business Environment
12.1.1
 Da Data Classification
3.2.1, 3.3.1, 3.4.1, 9.4.1
 Vn Vulnerability Mgmt
6.3.1, 6.3.3, 11.3.1, 11.3.2
 Ti Threat Intelligence
6.3.1

Protect (21 controls)

Aw Awareness & Training
12.6.1, 12.6.2, 12.6.3
 Ac Access Control
7.2.1, 7.2.2, 7.2.4, 8.2.1
 Mf Multi-Factor Auth
8.4.1, 8.4.2, 8.4.3
 En Encryption
3.5.1, 4.2.1, 4.2.2
 Dp Data Protection
3.4.1, 3.5.1, 4.2.1
 Bk Backup & Recovery
9.4.5.1
 Pa Privileged Access
7.2.1, 7.2.2, 8.6.1
 Fw Firewall / Net Seg
1.2.1, 1.3.1, 1.3.2, 1.4.1
 Ep Endpoint Protection
5.2.1, 5.2.2, 5.3.1
 Pm Patch Management
6.3.1, 6.3.3
 Cf Secure Config
2.2.1, 2.2.2, 2.2.4
 Sd Secure Development
6.2.1, 6.2.2, 6.2.3, 6.2.4
 Ml Email Security
5.2.1
 Ws Web Security
6.4.1, 6.4.2, 6.4.3
 Zt Zero Trust
1.3.1, 7.2.1
 Mb Mobile Security
2.2.4, 6.2.1
 Cl Cloud Security
2.2.1, 12.8.1
 Ds DNS Security
1.2.1
 Wf WAF
6.4.1, 6.4.2
 Dl DLP
3.4.1, 9.4.1
 Ap API Security
6.2.1, 6.2.3, 6.5.4

Detect (6 controls)

Sm Cont. Monitoring
10.4.1, 10.4.2, 11.5.1
 Lg Logging & Audit
10.2.1, 10.2.2, 10.3.1, 10.5.1
 Id Intrusion Detection
11.4.1, 11.4.2, 11.4.3
 An Anomaly Detection
10.4.1, 11.5.1.1
 Sg SIEM / SOC
10.4.1, 10.4.3, 11.5.2
 It Insider Threat
7.2.1, 10.2.1, 10.6.1

Respond (5 controls)

Ir Incident Response
12.10.1, 12.10.2, 12.10.3
 Fn Forensics
12.10.5
 Co Communication
12.10.1, 12.10.6
 Mt Mitigation
12.10.4
 Rp Reporting
12.10.1, 12.10.6

Recover (5 controls)

Rc Recovery Planning
12.10.1
 Bc Business Continuity
12.10.1
 Ll Lessons Learned
12.10.2
 Cr Comms & Restore
12.10.6
 Dr Disaster Recovery
12.10.1

PCI DSS vs Other Frameworks

PCI DSS provides 100% coverage of the 49 cybersecurity controls tracked by ControlMap. NIST CSF 2.0 covers 100%, ISO 27001 covers 100%, CIS v8 covers 90%, SOC 2 covers 100%, CMMC covers 94%, 800-53 covers 100%, HIPAA covers 94%, GDPR covers 96%. For maximum coverage, organizations often combine PCI DSS with complementary frameworks to address gaps in areas like niche domains.

Other Frameworks

NIST CSF 2.0 ISO 27001 CIS v8 SOC 2 CMMC 800-53 HIPAA GDPR
View PCI DSS in Interactive Dashboard