Compliance evidence
PCI DSS — domain & certificate controls
Applies to: any merchant, service provider, or processor that stores, processes, or transmits cardholder data.
Authority: PCI Security Standards Council
What PCI DSS actually requires
PCI DSS v4.0 (effective March 31, 2024, with enhanced requirements taking full effect March 31, 2025) prescribes 12 requirements across 6 control objectives. Requirements 4 (protect cardholder data in transit) and 11 (regularly test security systems) both directly reference cryptographic controls including TLS certificate health.
Full name: PCI DSS v4.0 (Payment Card Industry Data Security Standard).
Controls that touch certificates and domains
These are the 3 controls most directly affected by TLS certificate and domain lifecycle. CertRadar produces evidence bundles mapped to each.
| Control | Title | How CertRadar helps |
|---|---|---|
| 4.1 | Processes and mechanisms for protecting cardholder data with strong cryptography during transmission | TLS version, cipher suite, and certificate validity are explicit in the v4.0 testing procedures. |
| 4.2 | PAN is protected with strong cryptography during transmission | Monitoring certificate chain trust and expiry is part of ongoing verification. |
| 11.3 | External and internal vulnerabilities are regularly identified, prioritized, and addressed | Expired or weak-crypto certificates are scanner findings that must be remediated. |
What the evidence pack contains
CertRadar’s one-click export for PCI DSS includes:
- Cardholder-data-environment (CDE) domain inventory with live cert posture
- Weekly automated cert health check logs (required cadence under 11.3)
- Remediation timeline per finding
- Cryptographic parameter audit (TLS version, signature algorithm, key size)
Example domains in PCI DSS scope
Representative domains often monitored for PCI DSS evidence. Check any of them live:
Ship the PCI DSS evidence your auditor asks for.
CertRadar gives security, IT, and compliance teams a complete inventory of every domain and cert your company owns — plus a one-click evidence pack mapped to PCI DSS controls. Beta in weeks. Early members get a lifetime Pro discount.