12.8 - Risk to Information Assets from Third-Party Relationships Managed

Requirement 12.8 of PCI DSS 4.0 mandates that entities identify, assess and mitigate risks to cardholder data and related information assets that stem from third-party relationships, ensuring that contracts contain appropriate security obligations and that ongoing monitoring verifies compliance throughout the partnership.