💼 10.8.1 Respond to failures of any critical security controls in a timely manner.

  • ID: /frameworks/pci-dss-v3.2.1/10/08/01

Description

Additional requirement for service providers only.

Processes for responding to failures in security controls must include:

  • Restoring security functions
  • Identifying and documenting the duration (date and time start to end) of the security failure
  • Identifying and documenting cause(s) of failure, including root cause, and documenting remediation required to address root cause
  • Identifying and addressing any security issues that arose during the failure
  • Performing a risk assessment to determine whether further actions are required as a result of the security failure
  • Implementing controls to prevent cause of failure from reoccurring
  • Resuming monitoring of security controls

Similar

  • Sections
    • /frameworks/pci-dss-v4.0/10/07/03
  • Internal
    • ID: dec-c-569e4cde

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 PCI DSS v4.0 → 💼 10.7.3 Failures of any critical security controls systems are responded to promptly. | no data

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 PCI DSS v4.0 → 💼 10.7.3 Failures of any critical security controls systems are responded to promptly. | no data

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance