💼 12.2 Implement a risk-assessment process.
- ID:
/frameworks/pci-dss-v3.2.1/12/02
Description​
This process:
- Is performed at least annually and upon significant changes to the environment (for example, acquisition, merger, relocation, etc.),
- Identifies critical assets, threats, and vulnerabilities, and
- Results in a formal, documented analysis of risk.
Examples of risk-assessment methodologies include but are not limited to OCTAVE, ISO 27005 and NIST SP 800-30.
Similar​
- Internal
- ID:
dec-c-eddb5b24
- ID:
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|