PCI (Payment Card Industry Security Standard)
Develop and maintain secure systems and applications
Test 6.4
6.4 Examine policies and procedures to verify the following are defined: – Development/test environments are separate from production environments with access control in place to enforce separation. ? A separation of duties between personnel assigned to the development/test environments and those assigned to the production environment. – Production data (live PANs) are not used for testing or development. – Test data and accounts are removed before a production system becomes active. – Change control procedures related to implementing security patches and software modifications are documented.
Without properly documented and implemented change controls security features could be inadvertently or deliberately omitted or rendered inoperable processing irregularities could occur or malicious code could be introduced.
Click here to Start your FREE trial today!
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- HIPAA
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- NIST-CSF
- CIS Framework Controls V8
Click here to Start your FREE trial today!