Testing requirements: 6.3.1 vs 6.4.3


HappyCat
01-29-2008, 04:15 AM
Am I understanding the difference between these two points correctly?

6.3.1 is ‘Testing of all security patches and system and software configuration changes before deployment’

6.4.3 is ‘Testing of operational functionality’

Regarding software changes, is it the case that if changes are tested and documented, that qualifies as a pass for both points? Or is 6.3.1 pre-deployment testing, and 6.4.3 considered separate testing of the change in a live environment, post-deployment?

jbhall56
01-29-2008, 05:11 AM
You need to go back to overall wording from requirements 6.3 and 6.4 to interpret 6.3.1 and 6.4.3.

Requirement 6.3 and its sub-requirements are all related to custom, in-house application software development. As that relates to 6.3.1, this requirement is making sure that patches and changes are compatible with the in-house-developed application prior to that application being placed into production. Those in the application development arena can attest to the fact that not all patches are necessarily compatible with custom software. So, if you are not dealing with in-house-developed applications, this set of requirements has no relevance.

Requirement 6.4 and its sub-requirements are concerned with overall change control, regardless of whether that change is to an application, OS, configuration or any other production change. So, 6.4.3 is related to the testing of any change that will be made to the production environment, to ensure that it does not adversely affect production.

The key difference between these two is that requirement 6.3 is only relevant if custom, in-house development is performed, whereas requirement 6.4 and its sub-requirements are applicable to ALL environments, not just those with custom development.

mdahn
01-29-2008, 08:32 AM
@HappyCat, the key here is to prevent a change from being rolled into production if, due to lack of testing, it could weaken the production system and result in the disclosure of cardholder data. If you test changes in your development/QA environment and they do not break or weaken the system you can roll them into production and maintain that state of compliance.

HappyCat
01-30-2008, 03:35 AM
Thanks to both of you for clarifying, appreciated.