PCI DSS 4.0 Timeline: The Eleventh Requirement and System Testing

System security is one task of many in organizations focused on compliance, one that requires continuous monitoring and diligence to ensure its success. One of the more critical aspects of compliance requirements like PCI DSS 4.0 is ongoing testing of system and network components. 

What does that process look like for companies in the payment industry? It involves a combination of active and passive testing methods to document and follow up on unauthorized changes. 

 

What Does It Mean to Test a System or Network for Security?

Modern IT systems are complex, with components interacting across storage, processing, and networking contexts. As such, it’s important to understand the testing requirements for all types of technologies and how these tests address specific issues. 

Some common forms of security testing you’ll see in practice, and those required in one form or another in PCI DSS, include:

 

What Is the Eleventh Requirement for PCI DSS 4.0?

The eleventh requirement focuses almost entirely on testing. This includes system and network testing, penetration testing, monitoring requirements, and intrusion detection.

11.1 – Processes and Mechanisms for Regularly Testing Security of Systems and Networks

 

11.2 – Wireless Access Points Are Identified and Monitored

 

11.3 – External and Internal Vulnerabilities Are Monitored

 

11.4 – Regular Performance of Penetration Testing

 

11.5 – Network Intrusions and File Changes Are Detected and Responded to

 

11.6 – Unauthorized Changes on Payment Pages Are Detected and Responded to

 

Prepare for PCI DSS 4.0 with Lazarus Alliance

As we dig into the requirements of PCI DSS, you will see the increasing complexity and interoperability of the different technologies, policies, and practices you’ll need to deploy to receive PCI verification and maintain compliance. These practices aren’t just there to complete a checklist, however; they are tried-and-true security practices that will help support your security efforts ten years from now. 

 

Are You Thinking Ahead for PCI DSS 4.0?

Call Lazarus Alliance at 1-888-896-7580 or fill in this form.


 
