💼 6.3.2 Review custom code prior to release to production or customers in order to identify any potential coding vulnerability.
- ID: /frameworks/pci-dss-v3.2.1/06/03/02
Description
Include at least the following:
- Code changes are reviewed by individuals other than the originating code author, and by individuals knowledgeable about code-review techniques and secure coding practices.
- Code reviews ensure code is developed according to secure coding guidelines.
- Appropriate corrections are implemented prior to release.
- Code-review results are reviewed and approved by management prior to release.
This requirement for code reviews applies to all custom code (both internal and public-facing), as part of the system development life cycle.
Code reviews can be conducted by knowledgeable internal personnel or third parties. Public-facing web applications are also subject to additional controls, to address ongoing threats and vulnerabilities after implementation, as defined at PCI DSS Requirement 6.6.
Similar Sections
- /frameworks/pci-dss-v4.0/06/02/03/01
- /frameworks/pci-dss-v4.0/06/02/03
Internal
- ID: dec-c-2097dec8
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS ECR Repository Manual Scanning is enabled 🟢 | 1 | 🟢 x6 | no data |