Skip to main content

Repository → 💼 PCI DSS v3.2.1 → 💼 12 Maintain a policy that addresses information security for all personnel.

💼 12.2 Implement a risk-assessment process.

  • ID: /frameworks/pci-dss-v3.2.1/12/02

Description

This process:

  • Is performed at least annually and upon significant changes to the environment (for example, acquisition, merger, relocation, etc.),
  • Identifies critical assets, threats, and vulnerabilities, and
  • Results in a formal, documented analysis of risk.

Examples of risk-assessment methodologies include but are not limited to OCTAVE, ISO 27005 and NIST SP 800-30.

Similar

  • Internal
    • ID: dec-c-eddb5b24

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance