PCI (Payment Card Industry Security Standard)_Req 6.1

PCI (Payment Card Industry Security Standard)

Develop and maintain secure systems and applications

Req 6.1

6.1 Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking (for example, as “high,” “medium,” or “low”) to newly discovered security vulnerabilities. Note: Risk rankings should be based on industry best practices as well as consideration of potential impact. For example, criteria for ranking vulnerabilities may include consideration of the CVSS base score, and/or the classification by the vendor, and/or the type of systems affected.

Methods for evaluating vulnerabilities and assigning risk ratings will vary based on an organization’s environment and risk-assessment strategy. Risk rankings should, at a minimum, identify all vulnerabilities considered to be a “high risk” to the environment. In addition to the risk ranking, vulnerabilities may be considered “critical” if they pose an imminent threat to the environment, impact critical systems, and/or would result in a potential compromise if not addressed. Examples of critical systems may include security systems, public-facing devices and systems, databases, and other systems that store, process, or transmit cardholder data.
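As an added illustration (not part of the standard or of this page), the following turns the criteria named above into a repeatable ranking step: a CVSS base-score band, the vendor's classification, and whether an affected system is one of the critical system types the requirement lists. The step-up rules, the asset classes and the sample feed are assumptions constructed for the example; the CVSS bands are the qualitative ratings published by FIRST.

```python
from dataclasses import dataclass

# CVSS v3.x qualitative severity bands (FIRST): base score threshold -> rating.
CVSS_BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low"), (0.0, "none")]

# Asset classes modelled on the critical-system examples in Req 6.1 (assumed labels).
CRITICAL_ASSET_CLASSES = {"security_system", "public_facing", "database", "cde"}

LEVELS = ["low", "medium", "high"]  # the risk rankings the requirement asks for


@dataclass
class Vulnerability:
    cve_id: str            # identifier as published by the outside source
    cvss_base: float       # CVSS base score from the feed
    vendor_severity: str   # vendor's own classification, e.g. "critical", "important"
    asset_classes: set     # kinds of in-scope systems the finding affects
    exploited_in_wild: bool = False  # signal of an imminent threat


def cvss_rating(score: float) -> str:
    """Map a CVSS base score to its qualitative band."""
    for threshold, rating in CVSS_BANDS:
        if score >= threshold:
            return rating
    return "none"


def rank_vulnerability(v: Vulnerability) -> dict:
    """Assumed policy: start from the CVSS band, step up one level if the vendor
    rates it critical/high, step up one level if a critical system is affected,
    and flag 'critical' for imminent threats or high-severity hits on critical systems."""
    band = cvss_rating(v.cvss_base)
    level = {"none": 0, "low": 0, "medium": 1, "high": 2, "critical": 2}[band]
    if v.vendor_severity.lower() in ("critical", "high"):
        level += 1
    touches_critical = bool(v.asset_classes & CRITICAL_ASSET_CLASSES)
    if touches_critical:
        level += 1
    critical = v.exploited_in_wild or (touches_critical and band in ("high", "critical"))
    return {"cve": v.cve_id, "ranking": LEVELS[min(level, 2)], "critical": critical}


def triage(feed):
    """Rank every finding and order the work queue: critical flags first, then by ranking."""
    ranked = [rank_vulnerability(v) for v in feed]
    ranked.sort(key=lambda r: (not r["critical"], LEVELS[::-1].index(r["ranking"])))
    return ranked


# Constructed sample feed; the CVE identifiers are placeholders, not real records.
SAMPLE_FEED = [
    Vulnerability("CVE-0000-0001", 9.8, "critical", {"public_facing"}, exploited_in_wild=True),
    Vulnerability("CVE-0000-0002", 5.3, "moderate", {"internal_workstation"}),
    Vulnerability("CVE-0000-0003", 6.5, "important", {"database"}),
    Vulnerability("CVE-0000-0004", 3.1, "low", set()),
]
```

Running `triage(SAMPLE_FEED)` puts the exploited public-facing finding first and shows why the database finding ranks "high" despite a medium CVSS band: the system type, not the score alone, drives the ranking.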


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
