PCI DSS 4.0 requirements include holding an inventory of scripts, setting a justification for them and ensuring their integrity.
Each site can be configured to manage authorization and justification globally on all first party scripts (per domain defined) at once, or per file or groups of files as described below.
Global scripts authorization and justification
Authorization and justification per files(s)
When the site is configured to manage authorization and justification of first party scripts on the file level, the Script page of the first party will show the number of files that require justification, along with a button to open the Script files screen.
Clicking "Script files" will navigate you to the files page, where you can justify individual files separately or define rules for specific file types that are dynamically generated on your website.
To create a rule, enter a file path pattern in the search field. For example, to find files containing the word "plugin", use the wildcard pattern "plugin".
Once the matching files are listed, save the group and assign a justification. Any future files that match the defined pattern will automatically inherit the assigned justification.
If conflicts arise between groups, the system will guide you in modifying the group patterns to resolve them.
Once you save a group, a new record with the group name will appear in the files list.
Remove group
Groups can be removed at any time. When a group is deleted, the linked files will be available for individual justification, or you can choose to retain the previous justification.
Edit group justification
To edit a group's justification, click on the group name. The updated justification will automatically apply to all associated files and any future files matching the group's pattern.
*To maintain compliance, all files must be justified.