We are pleased to announce the availability of the PCI DSS 4.0.1 ROC (Report on Compliance) – Limited Framework-Only Release in Apptega. This initial version provides organizations with early access to the exact requirement language from the official PCI DSS 4.0.1 ROC, enabling teams to begin mapping, planning, and preparing against the updated standard ahead of forthcoming enhancements.
This release is built directly from the authoritative PCI DSS 4.0.1 ROC and includes the complete, unmodified requirement statements for all controls.
What Is Included
This limited release includes:
- Full PCI DSS 4.0.1 Requirement Framework
All PCI DSS 4.0.1 requirement statements are available in Apptega using the exact text from the official ROC.
- Accurate Structure and Numbering
Requirements follow the official PCI DSS hierarchy and numbering format.
- Framework-Only Delivery
At this stage, the content is available as a framework only, allowing organizations to begin control alignment and internal planning.
This release is designed to provide immediate access to the core PCI DSS 4.0.1 requirements while additional Apptega functionality is being developed.
What Is Not Included in This Release
The following ROC elements and PCI-specific features are not included at this time:
ROC Front-Matter (Parts 1–6)
The narrative, instructions, and explanatory sections preceding the requirement statements are not included, including:
- Part 1 – Introduction and Instructions
- Part 2 – Executive Summary and Environment Description
- Part 3 – Scope of Work and Assessment Approach
- Part 4 – Sampling, Testing, and Validation Details
- Part 5 – Compensating Controls Methodology
- Part 6 – Summary, Conclusions, and Attestations
ROC Appendices B–E
The supporting appendices and guidance materials following the requirement sections are not included, including:
- Appendix B – Compensating Controls
- Appendix C / D equivalent materials (as applicable to the PCI DSS 4.0.1 ROC)
- Appendix E – Supplemental Guidance, Worksheets, or Examples
Assessment and TaskPack
A PCI DSS 4.0.1 Assessment and corresponding TaskPack are not yet available. These components will be added once supporting development work is completed.
PCI-Aligned ROC Reporting
PCI-specific ROC reporting formats are not currently supported. Only basic framework-level reporting is available. Reports will not match the official PCI DSS ROC reporting structure in this version.
Attestation of Compliance (AOC)
The AOC template and workflow are not included at this time.
Upcoming Enhancements
Over the coming phases, Apptega will introduce additional PCI DSS 4.0.1 capabilities, including:
- Full PCI DSS 4.0.1 Assessment aligned with ROC testing procedures
- Comprehensive TaskPack for implementation and evidence collection
- Expanded PCI-aligned reporting designed to support ROC output expectations
- AOC generation and export
These enhancements will bring PCI DSS 4.0.1 in Apptega to full functional parity with our other supported frameworks.