
Timeline for PCI DSS 4.0: The Sixth Requirement and Maintaining Secure Systems


Software, whether a local installation or a web application, carries the risk of attack. While phishing and other social engineering attacks are among the most common causes of a system breach, attackers still go after open vulnerabilities in software, whether caused by bugs or by misconfigured settings. That's why the sixth requirement of PCI DSS 4.0 emphasizes the practices and policies that help maintain secure software.


How Are Companies Securing Their Software?

The truth is that some aspects of security can't be 100% prevented, namely those tied to social engineering or to the vulnerabilities that come with extensive and diverse IT infrastructures. However, one of the positives of securing software is that, in many cases, you can approach the problem through solid best practices and some strategic automation.

The challenges differ depending on the type of software in question. Generally speaking, PCI DSS focuses on one or both of the following software types:

There is a small amount of overlap between these two categories (generally, when an out-of-the-box application is modified to fit specific needs). Still, for PCI DSS, the distinction is more important than the overlap.

Across both categories, administrators and security professionals focus on a few overarching approaches to threat detection and prevention:


What Is the Sixth Requirement for PCI DSS 4.0?

The sixth requirement is specifically about how an organization manages its software. It covers a range of procedures and practices that help ensure the security of that software. This means addressing attacks and vulnerabilities on the front end, and development and change management on the back end.


6.1 – Defining Processes and Mechanisms for Maintaining Secure Software


6.2 – Customer Software Security


6.3 – Security Vulnerabilities Are Identified and Addressed


6.4 – Web Applications Are Protected Against Attacks


6.5 – Changes Are Managed Securely


Prepare for PCI DSS 4.0 with Lazarus Alliance

As we dig into the requirements of PCI DSS, you will see the increasing complexity and interdependence of the technologies, policies, and practices you'll need to deploy to receive PCI verification and maintain compliance. These practices aren't just there to complete a checklist; they are tried-and-true security practices that will still support your security efforts ten years from now.


Are You Thinking Ahead for PCI DSS 4.0?

Call Lazarus Alliance at 1-888-896-7580 or fill in this form.

