Skip to main content

💼 11.3.4.1 If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes to segmentation controls/methods.

Contextual name: 💼 11.3.4.1 If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes to segmentation controls/methods.
ID: /frameworks/pci-dss-v3.2.1/11/03/04/01
Located in: 💼 11.3.4 If segmentation is used to isolate the CDE from other networks, perform penetration tests at least annually and after any changes to segmentation controls/methods to verify that the segmentation methods are operational and effective, and isolate all out-of-scope systems from systems in the CDE.

Description

Additional requirement for service providers only.

Similar

Sections
- /frameworks/pci-dss-v4.0/11/04/06
Internal
- ID: dec-c-7e62c2d1

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v4.0 → 💼 11.4.6 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls.

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v4.0 → 💼 11.4.6 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls.

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Description
Similar
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
Sub Sections