PCI (Payment Card Industry Security Standard)_Req 6.3.2

Develop and maintain secure systems and applications

Req 6.3.2

6.3.2 Review custom code prior to release to production or customers in order to identify any potential coding vulnerability (using either manual or automated processes) to include at least the following:

– Code changes are reviewed by individuals other than the originating code author and by individuals knowledgeable about code-review techniques and secure coding practices.
– Code reviews ensure code is developed according to secure coding guidelines.
– Appropriate corrections are implemented prior to release.
– Code-review results are reviewed and approved by management prior to release.

Note: This requirement for code reviews applies to all custom code (both internal and public-facing) as part of the system development life cycle.

Code reviews can be conducted by knowledgeable internal personnel or by third parties. Public-facing web applications are also subject to additional controls that address ongoing threats and vulnerabilities after implementation, as defined in PCI DSS Requirement 6.6.


What is a Cybersecurity Compliance Framework?

As your security and privacy programs become more sophisticated, you don’t need to clutter them with an ever-increasing number of tools. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly specialized and in-demand security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including: