- Docs
- PCI DSS Library
- Domdog x PCI DSS 4.0.1 -Responsibility Matrix
Domdog x PCI DSS 4.0.1 -Responsibility Matrix
Overview
This PCI DSS responsibility matrix helps Domdog customers and their Qualified Security Assessors (QSAs) during PCI DSS compliance audits. As specified in PCI DSS 4.0.1 requirements 12.8.5, the matrix outlines the responsibilities that Domdog and its customers must fulfill to maintain PCI DSS compliance.
PCI DSS and Domdog
Domdog's Page Security Manager is a comprehensive security and compliance solution that provides continuous monitoring and protection against web-skimming attacks while delivering actionable threat insights. The Page Security Manager helps organizations meet PCI DSS 4.0.1 requirements 6.4.3 and 11.6.1 for payment pages. Organizations can choose the security approach that best fits their needs—whether it's our JavaScript Agent, Remote Scanning, Content Security Policy, or any combination of these.
Core Capabilities
- Script Inventory with Justification
- Script Authorization
- Script Integrity
- Page Integrity
- Alerting
- Single Page Evidence Report
PCI DSS 4.0.1 Responsibility Matrix
Below is the responsibility matrix for requirements 6.4.3 and 11.6.1:
| Requirement | Requirement Text | Domdog Responsibility | Customer Responsibility | Joint |
| 6.4.3 - Scripts Inventory & Management | All payment page scripts that are loaded and executed in the consumer's browser are managed as follows: • A method is implemented to confirm that each script is authorized. • A method is implemented to assure the integrity of each script. • An inventory of all scripts is maintained with written justification as to why each is necessary. This requirement is a best practice until 31 March 2025. | Joint responsibility | ||
| 11.6.1 - Page Integrity Monitoring | A change- and tamper-detection mechanism is deployed as follows: - To alert personnel to unauthorized modification (including indicators of compromise, changes, additions, and deletions) to the HTTP headers and the contents of payment pages as received by the consumer browser. - The mechanism is configured to evaluate the received HTTP header and payment page. - The mechanism functions are performed as follows: - At least once every seven days OR - Periodically (at the frequency defined in the entity's targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). This requirement is a best practice until 31 March 2025. | Responsible |
