Overview
PCI DSS v4.0 § 11.6.1 requires you to identify, approve, and justify every script that executes on the payment page. The Authorization & Justification widget flags any script that still lacks a business justification.
Step‑by‑Step
-
From the PCI Dashboard, "Authorization & Justification" widget, click Manage 1st Party or Manage 3rd+ Party.
You'll get the list of scripts that require handling. -
Select a script to manage
- Select the site where justification is required
- Click "Add Script justification"
- Add your justification
- Click "Submit"
-
Repeat until Requires Action reads 0.
You can also view our a step-by-step walkthrough of how to add a written justification here: How do I add a written justification to a script? [FAQ]
Troubleshooting / FAQ
-
The same domain appears multiple times. First‑party counting treats the entire domain as one script; justify once to clear all its files.
-
Can I bulk‑justify? Yes—shift‑select multiple rows, then use the bulk action menu.
-
What if a script reappears next month? The system remembers your justification unless the file path, hash, or behaviors change.