hashicorp · tomcf-hcp · Jun 21, 2025
@@ -18,3 +18,19 @@ How was this change implemented?
 [Example](https://github.com/hashicorp/vault/commit/2715f5cec982aabc7b7a6ae878c547f6f475bba6)
 [ ] Add output for any tests not ran in CI to the PR description (eg, acceptance tests)
 [ ] Backwards compatible
+
+## PCI review checklist
+
+<!-- heimdall_github_prtemplate:grc-pci_dss-2024-01-05 -->
+
+- [ ] If applicable, I’ve documented a plan to revert these changes if they require more than reverting the pull request.
+
+- [ ] If applicable, I’ve worked with GRC to document the impact of any changes to security controls.
+
+  Examples of changes to controls include access controls, encryption, logging, etc.
+
+- [ ] If applicable, I’ve worked with GRC to ensure compliance due to a significant change to the cardholder data environment.
+
+  Examples include changes to operating systems, ports, protocols, services, cryptography-related components, PII processing code, etc.
+
+If you have any questions, please contact your direct supervisor, GRC (#team-grc), or the PCI working group (#proj-pci-core). You can also find more information at [PCI Compliance](https://hashicorp.atlassian.net/wiki/spaces/SEC/pages/2784559202/PCI+Compliance).