Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » PCI DSS » PCI Patch Management

PCI Patch Management

PCI patch management is an important aspect of PCI Requirement 6.2. According to the rule, an auditor should review your company’s policies and procedures to confirm the existence of a patch management process. 

The specific section that addresses the patching is 6.3 – “Security vulnerabilities are identified and addressed.” However, while you can see that the patching is dotted throughout the section, the main requirement is present in point 6.3.3, which states:

All system components must be safeguarded against known vulnerabilities by applying security patches and updates. Critical or high-security patches, determined through a risk ranking process (Requirement 6.3.1), must be installed within one month of release.

When a vulnerability or patch is discovered, you need to assess its risk level, categorizing it as ‘high,’ ‘medium,’ or ‘low.’ This categorization aids in prioritizing and dealing with the most critical issues.

Additional reading

Continous control monitoring
Blogs Cybersecurity

Continuous Control Monitoring (CCM) Guide – Examples & Benefits

Gone are the days of Excel and Spreadsheet-driven control monitoring that shackled risk management efficiency and left businesses vulnerable. Today, it’s possible to get a real-time view of all the checks and controls, how they perform against criteria, and pinpoint where they fail — 24×7, 365 days a year.  But what does it mean for…
drata pricing
Blogs

Drata Pricing With Product Features

Drata is a leading GRC (Governance, Risk, and Compliance) automation platform for startups, scaling businesses, and enterprises. It automates complying with regulatory frameworks such as SOC 2, ISO 27001, HIPAA, and GDPR.  In this blog, we’re breaking down Drata’s pricing structure so you can make an informed decision about choosing the right GRC platform.  What…
GRC risk management
Blogs GRC

What is GRC Risk Management: Detailed Process Guide

Neglecting risk management can lead to unexpected disasters, even for industry giants. Take the example of Mondelez in 2023: the Oreo manufacturer faced a data breach after a third-party legal firm was hacked, exposing sensitive employee information like addresses, social security numbers, and dates of birth. Incidents like this highlight why effective risk management is…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales