11.3 Obtain and examine the results from the most recent penetration test to verify that penetration testing is performed at least annually and after any significant changes to the environment. Verify that any noted vulnerabilities were corrected. Verify that the penetration tests include:
[PCI DSS 1.x] 11.3 Perform penetration testing at least once a year and after any significant infrastructure or ap
Clarification
11.3 c mentions that scanning needs to be performed by a qualified internal resource - what constitutes “qualified”?
And secondly it says “if applicable, does organizational independence exist” - under what circumstances is organizational independence required?
Thanks in advance
Troy