PCI (Payment Card Industry Security Standard)
Develop and maintain secure systems and applications
6.2 Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release. Note: critical security patches should be identified according to the risk ranking process defined in Requirement 6.1.
There is a constant stream of attacks using widely published exploits, often called "zero day" (an attack that exploits a previously unknown vulnerability), against otherwise secured systems. If the most recent patches are not implemented on critical systems as soon as possible, a malicious individual can use these exploits to attack or disable a system or gain access to sensitive data. Prioritizing patches for critical infrastructure ensures that high-priority systems and devices are protected from vulnerabilities as soon as possible after a patch is released. Consider prioritizing patch installations such that security patches for critical or at-risk systems are installed within 30 days and other lower-risk patches are installed within 2-3 months. This requirement applies to applicable patches for all installed software, including payment applications (both those that are PA-DSS validated and those that are not).
What is a Cybersecurity Compliance Framework?
You don't need to clutter your security and privacy programs with an ever-increasing number of tools as those programs become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly specialized and in-demand security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, so that preparation for audits or attestation takes minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- CIS Framework Controls V8