[PCI DSS 3.0] 6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of th

6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of the system.

6.4.5.3.a For each sampled change, verify that functionality testing is performed to verify that the change does not adversely impact the security of the system.

6.4.5.3.b For custom code changes, verify that all updates are tested for compliance with PCI DSS Requirement 6.5 before being deployed into production.

Thorough testing should be performed to verify that the security of the environment is not reduced by implementing a change. Testing should validate that all existing security controls remain in place, are replaced with equally strong controls, or are strengthened after any change to the environment.