Timeline for PCI DSS 4.0: The Fifth Requirement and Malicious Software

Malware is an ever-present, if sometimes forgotten, threat to IT systems. It is tempting to assume that anti-malware tools and other controls have effectively neutralized the worms and viruses of old, and that the real risk now lies in network and application security. In practice, however, attackers who compromise a system still routinely plant malware on it to persist, observe, and exfiltrate data.

The fifth requirement of PCI DSS 4.0 is all about protection against malware. Systems that store, process, or transmit PAN or other cardholder data must have specific anti-malware controls in place to prevent infection and to detect and remove any malicious software that does make its way into protected system components.

What Are Different Threats from Malware?

“Malware” is a catch-all term for malicious software: any program or code an attacker uses to gain control of, damage, or extract data from a system for unauthorized purposes.

The term grew out of the word more commonly used in the earlier history of computing: viruses. Computer viruses, malicious programs that copy themselves into other programs or files, were the stuff of nightmares for security practitioners from the 1980s through the early 2000s. Viruses dominated the public’s cybersecurity vocabulary, alongside worms (self-propagating malware that spreads across networks without attaching to a host program) and trojans (malicious code disguised as, or hidden inside, seemingly legitimate software).

The broader term “malware” gained currency once it became clear that many forms of malicious software do not fit the virus metaphor at all. Some of these include:

What Is the Fifth Requirement of PCI DSS 4.0?

The fifth requirement, “Protect All Systems and Networks from Malicious Software,” is (as the name suggests) focused on implementing preventive, detective, and remediation measures to address the malware threat.

On the surface, these requirements are quite simple, but they demand constant vigilance from the compliant organization. Because malware continuously evolves, the expectation is that anti-malware controls, and the processes around them, will evolve as well.

5.1 – Defining Processes and Mechanisms for Protecting Against Malware

5.2 – Malicious Software (Malware) Is Prevented, or Detected and Addressed

5.3 – Anti-Malware Mechanisms and Processes Are Active, Maintained, and Monitored

5.4 – Anti-Phishing Mechanisms Protect Users Against Phishing Attacks

Prepare for PCI DSS 4.0 with Lazarus Alliance

As we dig into the requirements of PCI DSS, you will see the increasing complexity and interdependence of the technologies, policies, and practices you’ll need to deploy to achieve PCI DSS validation and maintain compliance. These practices are not there simply to complete a checklist; they are tried-and-true security controls that will still be supporting your security program ten years from now.

Are You Thinking Ahead for PCI DSS 4.0?

Call Lazarus Alliance at 1-888-896-7580 or fill in this form.
