💼 6.3.2 Review custom code prior to release to production or customers in order to identify any potential coding vulnerability.
ID: /frameworks/pci-dss-v3.2.1/06/03/02
Located in: 💼 6.3 Develop internal and external software applications securely.
Description
Include at least the following:
- Code changes are reviewed by individuals other than the originating code author, and by individuals knowledgeable about code-review techniques and secure coding practices.
- Code reviews ensure code is developed according to secure coding guidelines.
- Appropriate corrections are implemented prior to release.
- Code-review results are reviewed and approved by management prior to release.
This requirement for code reviews applies to all custom code (both internal and public-facing), as part of the system development life cycle.
Code reviews can be conducted by knowledgeable internal personnel or third parties. Public-facing web applications are also subject to additional controls, to address ongoing threats and vulnerabilities after implementation, as defined at PCI DSS Requirement 6.6.
Similar sections:
- /frameworks/pci-dss-v4.0/06/02/03/01
- /frameworks/pci-dss-v4.0/06/02/03
Internal ID: dec-c-2097dec8