About the Regularly Monitor and Test Networks (Requirements category
|
|
0
|
117
|
January 23, 2023
|
[PCI DSS 3.0] 11.3.1 Perform external penetration testing at least annually and after any significant infrastructu
|
|
1
|
3337
|
October 5, 2015
|
[PCI DSS 3.0] 11.6 Ensure that security policies and operational procedures for security monitoring and testing ar
|
|
0
|
2011
|
September 23, 2014
|
[PCI DSS 3.0] 11.5.1 Implement a process to respond to any alerts generated by the change- detection solution.
|
|
0
|
1964
|
September 23, 2014
|
[PCI DSS 3.0] 11.5 Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert per
|
|
0
|
2430
|
September 23, 2014
|
[PCI DSS 3.0] 11.4 Use intrusion-detection and/or intrusion-prevention techniques to detect and/or prevent intrusi
|
|
0
|
2258
|
September 23, 2014
|
[PCI DSS 3.0] 11.3.4 If segmentation is used to isolate the CDE from other networks, perform penetration tests at
|
|
0
|
2686
|
September 23, 2014
|
[PCI DSS 3.0] 11.3.3 Exploitable vulnerabilities found during penetration testing are corrected and testing is rep
|
|
0
|
2253
|
September 23, 2014
|
[PCI DSS 3.0] 11.3.2 Perform internal penetration testing at least annually and after any significant infrastructu
|
|
0
|
2115
|
September 23, 2014
|
[PCI DSS 3.0] 11.3 Implement a methodology for penetration testing that includes the following:
|
|
0
|
1642
|
September 23, 2014
|
[PCI DSS 3.0] 11.2.3 Perform internal and external scans, and rescans as needed, after any significant change. Sca
|
|
0
|
2154
|
September 23, 2014
|
[PCI DSS 3.0] 11.2.2 Perform quarterly external vulnerability scans, via an Approved Scanning Vendor (ASV) approve
|
|
0
|
2921
|
September 23, 2014
|
[PCI DSS 3.0] 11.2.1 Perform quarterly internal vulnerability scans and rescans as needed, until all “high-risk” v
|
|
0
|
2983
|
September 23, 2014
|
[PCI DSS 3.0] 11.2 Run internal and external network vulnerability scans at least quarterly and after any signific
|
|
0
|
1509
|
September 23, 2014
|
[PCI DSS 3.0] 11.1.2 Implement incident response procedures in the event unauthorized wireless access points are d
|
|
0
|
2497
|
September 23, 2014
|
[PCI DSS 3.0] 11.1.1 Maintain an inventory of authorized wireless access points including a documented business ju
|
|
0
|
2609
|
September 23, 2014
|
[PCI DSS 3.0] 11.1 Implement processes to test for the presence of wireless access points (802.11), and detect and
|
|
0
|
2113
|
September 23, 2014
|
[PCI DSS 3.0] 10.8 Ensure that security policies and operational procedures for monitoring all access to network r
|
|
0
|
1946
|
September 23, 2014
|
[PCI DSS 3.0] 10.7 Retain audit trail history for at least one year, with a minimum of three months immediately av
|
|
0
|
3855
|
September 23, 2014
|
[PCI DSS 3.0] 10.6.3 Follow up exceptions and anomalies identified during the review process.
|
|
0
|
1878
|
September 23, 2014
|
[PCI DSS 3.0] 10.6.2 Review logs of all other system components periodically based on the organization’s policies
|
|
0
|
1850
|
September 23, 2014
|
[PCI DSS 3.0] 10.6.1 Review the following at least daily:
|
|
0
|
3409
|
September 23, 2014
|
[PCI DSS 3.0] 10.6 Review logs and security events for all system components to identify anomalies or suspicious a
|
|
0
|
1381
|
September 23, 2014
|
[PCI DSS 3.0] 10.5.5 Use file-integrity monitoring or change-detection software on logs to ensure that existing lo
|
|
0
|
1800
|
September 23, 2014
|
[PCI DSS 3.0] 10.5.4 Write logs for external-facing technologies onto a secure, centralized, internal log server o
|
|
0
|
1958
|
September 23, 2014
|
[PCI DSS 3.0] 10.5.3 Promptly back up audit trail files to a centralized log server or media that is difficult to
|
|
0
|
2052
|
September 23, 2014
|
[PCI DSS 3.0] 10.5.2 Protect audit trail files from unauthorized modifications.
|
|
0
|
1669
|
September 23, 2014
|
[PCI DSS 3.0] 10.5.1 Limit viewing of audit trails to those with a job-related need.
|
|
0
|
1868
|
September 23, 2014
|
[PCI DSS 3.0] 10.5 Secure audit trails so they cannot be altered.
|
|
0
|
1683
|
September 23, 2014
|
[PCI DSS 3.0] 10.4.3 Time settings are received from industry-accepted time sources.
|
|
0
|
2483
|
September 23, 2014
|