Entity configures the password policy of the critical systems that have access to cardholder data to meet the requirements set by PCI DSS
Entity identifies vulnerabilities on the network through an annual network testing exercise conducted by a qualified third-party service provider
Entity requires that all critical servers are protected by malware-protection software
Entity’s Senior Management or the Information Security Officer periodically reviews and ensures that access to the critical systems is restricted to only those individuals who require such access to perform their job functions
Entity periodically reviews that security-relevant patches, including software or firmware updates, are installed; identified end-of-life software must be removed from the environment
Entity periodically reviews network infrastructure rule sets in accordance with identified security requirements and business justifications