From f82e70422f8933dfdee2d406492195deab9112ae Mon Sep 17 00:00:00 2001
From: Tom Chwojko-Frank <117938382+tomcf-hcp@users.noreply.github.com>
Date: Fri, 13 Jun 2025 14:20:02 -0700
Subject: [PATCH] PCI review checklist

---
 .github/PULL_REQUEST_TEMPLATE.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index a5ed7b6..6602ecf 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -18,3 +18,19 @@ Relates OR Closes #0000
   prioritize this request
 * Please do not leave "+1" comments, they generate extra noise for pull request
   followers and do not help prioritize the request
+
+## PCI review checklist
+
+<!-- heimdall_github_prtemplate:grc-pci_dss-2024-01-05 -->
+
+- [ ] If applicable, I’ve documented a plan to revert these changes if they require more than reverting the pull request.
+
+- [ ] If applicable, I’ve worked with GRC to document the impact of any changes to security controls.
+
+  Examples of changes to controls include access controls, encryption, logging, etc.
+
+- [ ] If applicable, I’ve worked with GRC to ensure compliance due to a significant change to the cardholder data environment.
+
+  Examples include changes to operating systems, ports, protocols, services, cryptography-related components, PII processing code, etc.
+
+If you have any questions, please contact your direct supervisor, GRC (#team-grc), or the PCI working group (#proj-pci-core). You can also find more information at [PCI Compliance](https://hashicorp.atlassian.net/wiki/spaces/SEC/pages/2784559202/PCI+Compliance).
\ No newline at end of file