78 controls · 12 categories

PCI DSS Compliance Checklist (v4.0)

PCI DSS scope is where most assessments go sideways. This checklist covers 78 controls across all twelve PCI DSS v4.0 requirement areas — with SAQ-A and SAQ-D annotations — so you can define your cardholder data environment, segment it, and close gaps before your QSA does.

One-time purchase · instant download · 78 controls with verification & remediation steps

What's inside

78 controls across 12 categories

Every control is plain-language, prioritized by severity, and paired with how to verify it and how to fix it. Organized into 12 sections.

  • Access Control: 11
  • Vulnerability Management: 8
  • Policy: 8
  • Network: 7
  • Data Protection: 7
  • Logging: 7
  • Scoping: 6
  • Encryption: 5
  • Authentication: 5
  • Security Testing: 5
  • Third Parties: 5
  • Credentials: 4

Real sample controls

A look at the highest-severity controls

These are taken directly from the checklist — no paraphrasing.

  • PCI-SCOPE-01 · CRITICAL · Scoping

    Define and document the Cardholder Data Environment (CDE).

  • PCI-SCOPE-02 · CRITICAL · Scoping

    Isolate the CDE from out-of-scope systems with network segmentation.

  • PCI-NET-01 · CRITICAL · Network

    Install firewalls at every internet connection and between the DMZ and internal network.

  • PCI-NET-02 · CRITICAL · Network

    Allow no direct public access between the internet and any CDE component.

PCI DSS Compliance Checklist

$147 one-time
  • 78 prioritized controls
  • Verify & fix steps for each control
  • 12 categories across 12 sections
  • Instant download · lifetime access

By purchasing you agree to our Terms. Digital products are non-refundable once accessed.

Free

Not ready to buy?

Download a free one-page preview of this checklist — the highest-impact controls, no email gate. Want the curated top-10 by email instead? Use the form on the homepage.

Why teams use Strondex

Built by security professionals

Controls drawn from CIS benchmarks, framework requirements, and real-world assessment findings.

Self-serve, no consultant

Plain-language steps you can action yourself — without the $300/hr engagement.

Honest scope

Exactly 78 controls. No inflated counts, no fabricated reviews — see the samples above.

Frequently asked questions

Does this checklist cover PCI DSS v4.0?

Yes. All 78 controls are written for PCI DSS v4.0 and annotated for SAQ-A and SAQ-D so you can focus on the requirements that apply to your validation type.

What is the difference between SAQ-A and SAQ-D here?

SAQ-A applies to merchants who fully outsource cardholder data handling; SAQ-D is the most comprehensive. Controls are annotated so you only work through what your SAQ type requires.

Does completing this make me PCI compliant?

It prepares you for compliance and a QSA assessment. Formal PCI DSS validation is performed by a Qualified Security Assessor or via the appropriate self-assessment questionnaire and attestation.