πΌ 10.8.1 Respond to failures of any critical security controls in a timely manner.
-
Contextual name: πΌ 10.8.1 Respond to failures of any critical security controls in a timely manner.
-
ID:
/frameworks/pci-dss-v3.2.1/10/08/01 -
Located in: πΌ 10.8 Implement a process for the timely detection and reporting of failures of critical security control systems.
Descriptionβ
Additional requirement for service providers only.
Processes for responding to failures in security controls must include:
- Restoring security functions
- Identifying and documenting the duration (date and time start to end) of the security failure
- Identifying and documenting cause(s) of failure, including root cause, and documenting remediation required to address root cause
- Identifying and addressing any security issues that arose during the failure
- Performing a risk assessment to determine whether further actions are required as a result of the security failure
- Implementing controls to prevent cause of failure from reoccurring
- Resuming monitoring of security controls
Similarβ
- Sections
/frameworks/pci-dss-v4.0/10/07/03
- Internal
- ID:
dec-c-569e4cde
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v4.0 β πΌ 10.7.3 Failures of any critical security controls systems are responded to promptly. |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v4.0 β πΌ 10.7.3 Failures of any critical security controls systems are responded to promptly. |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|