Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » PCI DSS » PCI Patch Management

PCI Patch Management

PCI patch management is an important aspect of PCI Requirement 6.2. According to the rule, an auditor should review your company’s policies and procedures to confirm the existence of a patch management process. 

The specific section that addresses the patching is 6.3 – “Security vulnerabilities are identified and addressed.” However, while you can see that the patching is dotted throughout the section, the main requirement is present in point 6.3.3, which states:

All system components must be safeguarded against known vulnerabilities by applying security patches and updates. Critical or high-security patches, determined through a risk ranking process (Requirement 6.3.1), must be installed within one month of release.

When a vulnerability or patch is discovered, you need to assess its risk level, categorizing it as ‘high,’ ‘medium,’ or ‘low.’ This categorization aids in prioritizing and dealing with the most critical issues.

Additional reading

NIST 800-53 vs NIST 800-171

Difference Between NIST 800-53 and NIST 800-171

If you’re a government contractor, the burden of demonstrating compliance and implementing certain mandatory resource requirements may seem overwhelming. You’re certainly not alone in this. Organizations that process government contractors are often mandated to become compliant with NIST 800-53, NIST 800-171 among NIST CSF, but which one of the two should your organization become compliant…
A Comprehensive Guide to Integrated Risk Management

A Comprehensive Guide to Integrated Risk Management

Businesses operating in a post-COVID era of accelerated cloud adoption and decentralized workforces are quickly realizing the need for a security-first culture to mitigate looming security risks in the face of rising costs associated with data breaches. In fact, the average cost of a data breach in the US was 4.45 million in 2023, this…
HIPAA Authorization

What is a HIPAA Authorization and How Does it Work?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that mandates the development of international guidelines to safeguard sensitive patient health information from being disclosed without the patient’s knowledge or agreement.  What is HIPAA authorization? A HIPAA authorization is permission from a person that allows a covered entity or business…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.