[RETIRED] PCI DSS v3.0 Questions and Answers Forum

Topic	Views	Activity
[PCI DSS 3.0] 12.5.5 Monitor and control all access to data. Maintain an Information Security Policy (Requireme requirement-12:-main	1849	September 23, 2014
[PCI DSS 3.0] 12.5.4 Administer user accounts, including additions, deletions, and modifications. Maintain an Information Security Policy (Requireme requirement-12:-main	1633	September 23, 2014
[PCI DSS 3.0] 12.5.3 Establish, document, and distribute security incident response and escalation procedures to e Maintain an Information Security Policy (Requireme requirement-12:-main	1725	September 23, 2014
[PCI DSS 3.0] 12.5.2 Monitor and analyze security alerts and information, and distribute to appropriate personnel. Maintain an Information Security Policy (Requireme requirement-12:-main	1659	September 23, 2014
[PCI DSS 3.0] 12.5.1 Establish, document, and distribute security policies and procedures. Maintain an Information Security Policy (Requireme requirement-12:-main	1505	September 23, 2014
[PCI DSS 3.0] 12.5 Assign to an individual or team the following information security management responsibilities Maintain an Information Security Policy (Requireme requirement-12:-main	1524	September 23, 2014
[PCI DSS 3.0] 12.4 Ensure that the security policy and procedures clearly define information security responsibili Maintain an Information Security Policy (Requireme requirement-12:-main	1637	September 23, 2014
[PCI DSS 3.0] 12.3.10 For personnel accessing cardholder data via remote-access technologies, prohibit the copying Maintain an Information Security Policy (Requireme requirement-12:-main	2141	September 23, 2014
[PCI DSS 3.0] 12.3.9 Activation of remote-access technologies for vendors and business partners only when needed b Maintain an Information Security Policy (Requireme requirement-12:-main	2051	September 23, 2014
[PCI DSS 3.0] 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of in Maintain an Information Security Policy (Requireme requirement-12:-main	4219	September 23, 2014
[PCI DSS 3.0] 12.3.7 List of company-approved products Maintain an Information Security Policy (Requireme requirement-12:-main	2906	September 23, 2014
[PCI DSS 3.0] 12.3.6 Acceptable network locations for the technologies Maintain an Information Security Policy (Requireme requirement-12:-main	2397	September 23, 2014
[PCI DSS 3.0] 12.3.5 Acceptable uses of the technology Maintain an Information Security Policy (Requireme requirement-12:-main	1796	September 23, 2014
[PCI DSS 3.0] 12.3.4 A method to accurately and readily determine owner, contact information, and purpose (for exa Maintain an Information Security Policy (Requireme requirement-12:-main	1817	September 23, 2014
[PCI DSS 3.0] 12.3.3 A list of all such devices and personnel with access Maintain an Information Security Policy (Requireme requirement-12:-main	1916	September 23, 2014
[PCI DSS 3.0] 12.3.2 Authentication for use of the technology Maintain an Information Security Policy (Requireme requirement-12:-main	1652	September 23, 2014
[PCI DSS 3.0] 12.3.1 Explicit approval by authorized parties Maintain an Information Security Policy (Requireme requirement-12:-main	2047	September 23, 2014
[PCI DSS 3.0] 12.3 Develop usage policies for critical technologies and define proper use of these technologies. Maintain an Information Security Policy (Requireme requirement-12:-main	2118	September 23, 2014
[PCI DSS 3.0] 12.2 Implement a risk-assessment process that: Maintain an Information Security Policy (Requireme requirement-12:-main	3695	September 23, 2014
[PCI DSS 3.0] 12.1.1 Review the security policy at least annually and update the policy when the environment chang Maintain an Information Security Policy (Requireme requirement-12:-main	1941	September 23, 2014
[PCI DSS 3.0] 11.6 Ensure that security policies and operational procedures for security monitoring and testing ar Regularly Monitor and Test Networks (Requirements requirement-11:-regu	1988	September 23, 2014
[PCI DSS 3.0] 11.5.1 Implement a process to respond to any alerts generated by the change- detection solution. Regularly Monitor and Test Networks (Requirements requirement-11:-regu	1930	September 23, 2014
[PCI DSS 3.0] 11.5 Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert per Regularly Monitor and Test Networks (Requirements requirement-11:-regu	2398	September 23, 2014
[PCI DSS 3.0] 11.4 Use intrusion-detection and/or intrusion-prevention techniques to detect and/or prevent intrusi Regularly Monitor and Test Networks (Requirements requirement-11:-regu	2227	September 23, 2014
[PCI DSS 3.0] 11.3.4 If segmentation is used to isolate the CDE from other networks, perform penetration tests at Regularly Monitor and Test Networks (Requirements requirement-11:-regu	2657	September 23, 2014
[PCI DSS 3.0] 11.3.3 Exploitable vulnerabilities found during penetration testing are corrected and testing is rep Regularly Monitor and Test Networks (Requirements requirement-11:-regu	2229	September 23, 2014
[PCI DSS 3.0] 11.3.2 Perform internal penetration testing at least annually and after any significant infrastructu Regularly Monitor and Test Networks (Requirements requirement-11:-regu	2092	September 23, 2014
[PCI DSS 3.0] 11.3 Implement a methodology for penetration testing that includes the following: Regularly Monitor and Test Networks (Requirements requirement-11:-regu	1615	September 23, 2014
[PCI DSS 3.0] 11.2.3 Perform internal and external scans, and rescans as needed, after any significant change. Sca Regularly Monitor and Test Networks (Requirements requirement-11:-regu	2127	September 23, 2014
[PCI DSS 3.0] 11.2.2 Perform quarterly external vulnerability scans, via an Approved Scanning Vendor (ASV) approve Regularly Monitor and Test Networks (Requirements requirement-11:-regu	2880	September 23, 2014