About the [RETIRED] PCI DSS v3.0 Questions and Answers Forum category | 0 | 7 | January 23, 2023
[PCI DSS 3.0] 12.1 Establish, publish, maintain, and disseminate a security policy. | 1 | 3228 | October 5, 2015
[PCI DSS 3.0] 11.3.1 Perform external penetration testing at least annually and after any significant infrastructu | 1 | 3248 | October 5, 2015
[PCI DSS 3.0] 1.1 Establish and implement firewall and router configuration standards that include the following | 1 | 23443 | April 22, 2015
[PCI DSS 3.0] 1.1.1 A formal process for approving and testing all network connections and changes to the firewall | 1 | 3618 | April 22, 2015
[PCI DSS 3.0] Compensating Control Requirement Number and Definition | 0 | 3057 | September 23, 2014
[PCI DSS 3.0] Compensating controls may be considered for most PCI DSS requirements when an entity cannot meet a r | 0 | 1907 | September 23, 2014
[PCI DSS 3.0] A.1.4 Enable processes to provide for timely forensic investigation in the event of a compromise to | 0 | 1949 | September 23, 2014
[PCI DSS 3.0] A.1.3 Ensure logging and audit trails are enabled and unique to each entity’s cardholder data enviro | 0 | 1649 | September 23, 2014
[PCI DSS 3.0] A.1.2 Restrict each entity’s access and privileges to its own cardholder data environment only. | 0 | 1622 | September 23, 2014
[PCI DSS 3.0] A.1.1 Ensure that each entity only runs processes that have access to that entity’s cardholder data | 0 | 1581 | September 23, 2014
[PCI DSS 3.0] A.1 Protect each entity’s (that is, merchant, service provider, or other entity) hosted environment | 0 | 1516 | September 23, 2014
[PCI DSS 3.0] 12.10.6 Develop a process to modify and evolve the incident response plan according to lessons learn | 0 | 1752 | September 23, 2014
[PCI DSS 3.0] 12.10.5 Include alerts from security monitoring systems, including but not limited to intrusion-dete | 0 | 1652 | September 23, 2014
[PCI DSS 3.0] 12.10.4 Provide appropriate training to staff with security breach response responsibilities. | 0 | 2227 | September 23, 2014
[PCI DSS 3.0] 12.10.3 Designate specific personnel to be available on a 24/7 basis to respond to alerts. | 0 | 2124 | September 23, 2014
[PCI DSS 3.0] 12.10.2 Test the plan at least annually. | 0 | 2006 | September 23, 2014
[PCI DSS 3.0] 12.10.1 Create the incident response plan to be implemented in the event of system breach. Ensure th | 0 | 5097 | September 23, 2014
[PCI DSS 3.0] 12.10 Implement an incident response plan. Be prepared to respond immediately to a system breach. | 0 | 1267 | September 23, 2014
[PCI DSS 3.0] 12.9 Additional requirement for service providers: Service providers acknowledge in writing to custo | 0 | 3620 | September 23, 2014
[PCI DSS 3.0] 12.8.5 Maintain information about which PCI DSS requirements are managed by each service provider, a | 0 | 3094 | September 23, 2014
[PCI DSS 3.0] 12.8.4 Maintain a program to monitor service providers’ PCI DSS compliance status at least annually. | 0 | 2352 | September 23, 2014
[PCI DSS 3.0] 12.8.3 Ensure there is an established process for engaging service providers including proper due di | 0 | 2186 | September 23, 2014
[PCI DSS 3.0] 12.8.2 Maintain a written agreement that includes an acknowledgement that the service providers are | 0 | 2316 | September 23, 2014
[PCI DSS 3.0] 12.8.1 Maintain a list of service providers. | 0 | 1599 | September 23, 2014
[PCI DSS 3.0] 12.8 Maintain and implement policies and procedures to manage service providers with whom cardholder | 0 | 1313 | September 23, 2014
[PCI DSS 3.0] 12.7 Screen potential personnel prior to hire to minimize the risk of attacks from internal sources. | 0 | 2429 | September 23, 2014
[PCI DSS 3.0] 12.6.2 Require personnel to acknowledge at least annually that they have read and understood the sec | 0 | 1790 | September 23, 2014
[PCI DSS 3.0] 12.6.1 Educate personnel upon hire and at least annually. | 0 | 2691 | September 23, 2014
[PCI DSS 3.0] 12.6 Implement a formal security awareness program to make all personnel aware of the importance of | 0 | 1478 | September 23, 2014