πΌ 11.3.4 If segmentation is used to isolate the CDE from other networks, perform penetration tests at least annually and after any changes to segmentation controls/methods to verify that the segmentation methods are operational and effective, and isolate all out-of-scope systems from systems in the CDE.
- Contextual name: πΌ 11.3.4 If segmentation is used to isolate the CDE from other networks, perform penetration tests at least annually and after any changes to segmentation controls/methods to verify that the segmentation methods are operational and effective, and isolate all out-of-scope systems from systems in the CDE.
- ID:
/frameworks/pci-dss-v3.2.1/11/03/04 - Located in: πΌ 11.3 Implement a methodology for penetration testing.
Descriptionβ
Empty...
Similarβ
- Sections
/frameworks/pci-dss-v4.0/11/04/05
- Internal
- ID:
dec-c-20e76ea3
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v4.0 β πΌ 11.4.5 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls. |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v4.0 β πΌ 11.4.5 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls. |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ 11.3.4.1 If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes to segmentation controls/methods. |