[PCI-DSS] Requirement 11: Regularly test security systems and processes. - PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum

		PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum > Payment Card Industry Data Security Standard Frequently Asked Questions (PCI DSS FAQ) > Regularly Monitor and Test Networks
[PCI-DSS] Requirement 11: Regularly test security systems and processes.

[PCI-DSS] Requirement 11: Regularly test security systems and processes. Vulnerabilities are being discovered continually by hackers and researchers, and being introduced by new software. Systems, processes, and custom software should be tested frequently to ensure security is maintained over time and with any changes in software.

Threads in Forum : [PCI-DSS] Requirement 11: Regularly test security systems and processes.

Forum Tools

Search this Forum

Rating Thread / Thread Starter	Last Post	Replies	Views
11.5 Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical system or content files; and configure the software to perform critical file comparisons at least weekly. Critical files are not necessarily only those containing cardholder data. For file integrity monitoring purposes, critical files are usually those that do not regularly change, but the modification of which could indicate a system compromise or risk of compromise. File integrity monitoring product admin	02-22-2010 05:27 AM by bluee	6	4,738
11.1 Test security controls, limitations, network connections, and restrictions annually to assure the ability to adequately identify and to stop any unauthorized access attempts. Use a wireless analyzer at least quarterly to identify all wireless devices in use. admin	03-16-2009 01:24 PM by kenathanasiou	2	1,172
11.4 Use network intrusion detection systems, host-based intrusion detection systems, and intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines up-to-date. admin	03-18-2007 03:35 AM by admin	0	930
11.3.2 Application-layer penetration tests admin	03-18-2007 03:34 AM by admin	0	1,420
11.3.1 Network-layer penetration tests admin	03-18-2007 03:34 AM by admin	0	1,178
11.3 Perform penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment). These penetration tests must include the following admin	03-18-2007 03:34 AM by admin	0	892
11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades). Note: Quarterly external vulnerability scans must be performed by a scan vendor qualified by the payment card industry. Scans conducted after network changes may be performed by the company's internal staff. admin	03-18-2007 03:33 AM by admin	0	816

Forum Tools	Search this Forum
Mark This Forum Read View Parent Forum	Search this Forum : Advanced Search

	New posts		Hot thread with new posts
	No new posts		Hot thread with no new posts
	Thread is closed

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Forum Rules

All times are GMT -4. The time now is 07:34 AM.