This unit provides you with the core document that defines the PCI DSS risk management objectives.

No need to read it at this time, though it is worth understanding some of its structure.

In essence, PCI DSS version 4 consists of 12 major requirements, each of which is subdivided in a number of controls. Procedures for how to test or audit these requirements are also given.

Another document (later unit) adds guidance to how this works in a cloud context.

Tip: In the PDF reader here, you can actually click on the page numbers in the Table of Contents to jump to the desired section.