[PCI DSS 1.x] 6.3.1 Testing of all security patches, and system and software configuration changes befor

[PCI-DSS] 6.3.1 Testing of all security patches, and system and software configuration changes before deployment, including but not limited to the following:

- 6.3.1.1 Validation of all input (to prevent cross-site scripting, injection flaws, malicious file execution, etc.)
- 6.3.1.2 Validation of proper error handling
- 6.3.1.3 Validation of secure cryptographic storage
- 6.3.1.4 Validation of secure communications
- 6.3.1.5 Validation of proper role-based access control (RBAC)

All changes (including patches) are tested before being deployed into production.

Hi, in reference to point 6.3.1.4, validation of secure communication: please advise, do you mean internal or external secure communication? Thanks

For cardholder data, secure communication is required on open, public networks. For remote system management credentials, end-point to end-point secure communication is required.

6.3.1.3 Validation of secure cryptographic storage

Hi all, in reference to requirement 6.3.1.3, does anyone know which cryptographic keys are within this req’s scope? Could it be storage of cryptographic keys used, for instance, for PAN rendering? If your response is YES, it sounds to me that this req 6.3.1.3 is redundant with req 3.5.2 “Store cryptographic keys securely in the fewest possible locations and forms”

Any clarification is much appreciated. Thanks

6.3.1.5 Validation of proper role-based access control (RBAC)

Hi all, in reference to requirement 6.3.1.5, does anyone know which users are within this req’s scope? I assume that it refers to business, operators, administrators, customers, etc., or should it be restricted to staff involved in "develop and maintenance of secure systems and applications"?

Any clarification is much appreciated. Thanks