PCI (Payment Card Industry Security Standard)_Test 6.4

PCI (Payment Card Industry Security Standard)

Develop and maintain secure systems and applications

Test 6.4

6.4 Examine policies and procedures to verify the following are defined: – Development/test environments are separate from production environments with access control in place to enforce separation. ? A separation of duties between personnel assigned to the development/test environments and those assigned to the production environment. – Production data (live PANs) are not used for testing or development. – Test data and accounts are removed before a production system becomes active. – Change control procedures related to implementing security patches and software modifications are documented.

Without properly documented and implemented change controls security features could be inadvertently or deliberately omitted or rendered inoperable processing irregularities could occur or malicious code could be introduced.

 

Click here to Start your FREE trial today!

Explainer video

 

What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:

Click here to Start your FREE trial today!

Explainer video