11.1.1 Maintain an inventory of authorized wireless access points including a documented business justification
|
|
0
|
98
|
February 20, 2023
|
11.1 Implement processes to test for the presence of wireless access points (802.11), and detect and identify all authorized and unauthorized wireless access points on a quarterly basis
|
|
0
|
149
|
February 20, 2023
|
11: Regularly test security systems and processes
|
|
0
|
105
|
February 20, 2023
|
10.9 Ensure that security policies and operational procedures for monitoring all access to network resources and cardholder data are documented, in use, and known to all affected parties
|
|
0
|
135
|
February 19, 2023
|
10.8.1 Additional requirement for service providers only: Respond to failures of any critical security controls in a timely manner. Processes for responding to failures in security controls must include:
|
|
0
|
118
|
February 19, 2023
|
10.8 Additional requirement for service providers only: Implement a process for the timely detection and reporting of failures of critical security control systems, including but not limited to failure of:
|
|
0
|
97
|
February 19, 2023
|
10.7 Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis
|
|
0
|
118
|
February 19, 2023
|
10.6.3 Follow up exceptions and anomalies identified during the review process
|
|
0
|
102
|
February 19, 2023
|
10.6.2 Review logs of all other system components periodically based on the organization’s policies and risk management strategy, as determined by the organization’s annual risk assessment
|
|
0
|
101
|
February 19, 2023
|
10.6.1 Review the following at least daily:
|
|
0
|
98
|
February 19, 2023
|
10.6 Review logs and security events for all system components to identify anomalies or suspicious activity
|
|
0
|
129
|
February 19, 2023
|
10.5.5 Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert)
|
|
0
|
92
|
February 19, 2023
|
10.5.4 Write logs for external-facing technologies onto a secure, centralized, internal log server or media device
|
|
0
|
113
|
February 19, 2023
|
10.5.3 Promptly back up audit trail files to a centralized log server or media that is difficult to alter
|
|
0
|
109
|
February 19, 2023
|
10.5.2 Protect audit trail files from unauthorized modifications
|
|
0
|
123
|
February 19, 2023
|
10.5.1 Limit viewing of audit trails to those with a job-related need
|
|
0
|
80
|
February 19, 2023
|
10.5 Secure audit trails so they cannot be altered
|
|
0
|
75
|
February 19, 2023
|
10.4.3 Time settings are received from industry-accepted time sources
|
|
0
|
98
|
February 19, 2023
|
10.4.2 Time data is protected
|
|
0
|
134
|
February 19, 2023
|
10.4.1 Critical systems have the correct and consistent time
|
|
0
|
119
|
February 19, 2023
|
10.4 Using time-synchronization technology, synchronize all critical system clocks and times and ensure that the following is implemented for acquiring, distributing, and storing time
|
|
0
|
136
|
February 19, 2023
|
10.3 Record at least the following audit trail entries for all system components for each event:
|
|
0
|
88
|
February 19, 2023
|
10.2.7 Creation and deletion of system- level objects
|
|
0
|
121
|
February 19, 2023
|
10.2.6 Initialization, stopping, or pausing of the audit logs
|
|
0
|
157
|
February 19, 2023
|
10.2.5 Use of and changes to identification and authentication mechanisms
|
|
0
|
144
|
February 19, 2023
|
10.2.4 Invalid logical access attempts
|
|
0
|
101
|
February 19, 2023
|
10.2.3 Access to all audit trails
|
|
0
|
81
|
February 19, 2023
|
10.2.2 All actions taken by any individual with root or administrative privileges
|
|
0
|
152
|
February 19, 2023
|
10.2.1 All individual user accesses to cardholder data
|
|
0
|
83
|
February 19, 2023
|
10.2 Implement automated audit trails for all system components to reconstruct the following events:
|
|
0
|
70
|
February 19, 2023
|