6.4.1 Separate development/test environments from production environments, and enforce the separation with access controls

6.4.1 Separate development/test environments from production environments, and enforce the separation with access controls.

6.4.1.a Examine network documentation and network device configurations to verify that the development/test environments are separate from the production environment(s).
6.4.1.b Examine access controls settings to verify that access controls are in place to enforce separation between the development/test environments and the production environment(s).

Due to the constantly changing state of development and test environments, they tend to be less secure than the production environment. Without adequate separation between environments, it may be possible for the production environment, and cardholder data, to be compromised due to less- stringent security configurations and possible vulnerabilities in a test or development environment.