PCI 4.0 script integrity.
Automated.
Requirement 6.4.3 became mandatory in March 2025. Your QSA wants a script inventory, authorization records, and integrity verification for every script on your payment pages. BlackSight automates all three — inventory, SRI checks, and change detection — from $29/month.
Script inventory
23 scripts cataloged across 8 vendor domains
Integrity verification
4 scripts missing SRI hashes — action required
Change detection
No unauthorized script changes in last 30 days
Vendor breach check
1 vendor with breach history (legacy-widget.com)
What your QSA is asking for.
PCI DSS 4.0 Requirement 6.4.3 mandates three controls for every script on payment pages. Most businesses are still doing these manually — or not at all.
1. Script inventory
Maintain a catalog of every script loaded on your payment pages, including dynamically injected third-party code. BlackSight builds this automatically on every scan.
2. Authorization tracking
Each script must be explicitly authorized with documented justification. Our reports show every script's source, purpose, and whether SRI authorization is in place.
3. Integrity verification
Confirm that scripts haven't been tampered with since authorization. BlackSight checks SRI hashes and flags any script that changes content without a corresponding hash update.
Compliance shouldn't cost six figures.
Enterprise compliance platforms bundle script monitoring deep inside $25K+ contracts. Manual audits produce a snapshot that's outdated in days. We automate what 6.4.3 actually requires — continuously.
| PCI 4.0 Requirement | BlackSight $29 | Manual audit | Enterprise GRC |
|---|---|---|---|
| Script inventory (6.4.3.a) | Automated | Spreadsheet | Automated |
| Authorization records (6.4.3.b) | Report | Manual sign-off | Workflow |
| Integrity verification (6.4.3.c) | SRI + drift | Not feasible | Varies |
| Continuous monitoring | | Quarterly at best | |
| Starting price | $29/mo | Staff time | $25K+/yr |
Feature comparisons reflect typical category positioning as of 2026. Individual vendors vary.
Check your PCI 4.0 script compliance now.
Free scan. No credit card. See every script on your site with SRI status and breach flags.