💼 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks.

  • ID: /frameworks/pci-dss-v4.0.1/06/04/01

Description

For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks as follows:

  • Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows:
    • At least once every 12 months and after significant changes.
    • By an entity that specializes in application security.
    • Including, at a minimum, all common software attacks in Requirement 6.2.4.
    • All vulnerabilities are ranked in accordance with Requirement 6.3.1.
    • All vulnerabilities are corrected.
    • The application is re-evaluated after the corrections.
  OR
  • Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows:
    • Installed in front of public-facing web applications to detect and prevent web-based attacks.
    • Actively running and up to date as applicable.
    • Generating audit logs.
    • Configured to either block web-based attacks or generate an alert that is immediately investigated.

Similar

  • Sections
    • /frameworks/pci-dss-v4.0/06/04/01

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 PCI DSS v4.0 → 💼 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks. | - | - | 11 | - | no data

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 PCI DSS v4.0 → 💼 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks. | - | - | 11 | - | no data

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
(none)

Policies (11)

Policy | Logic Count | Flags | Compliance
🛡️ Google Cloud SQL Server Instance remote access Database Flag is not set to off | 🟢 1 | 🟢 x6 | no data
🛡️ Google GCE Instance Enable Connecting to Serial Ports is not disabled | 🟢 1 | 🟢 x6 | no data
🛡️ Google HTTP(S) Load Balancer Logging is not enabled | 🟢 1 | 🟢 x6 | no data
🛡️ Google Logging Log Metric Filter and Alerts for Audit Configuration Changes do not exist | 🟢 1 | 🟢 x6 | no data
🛡️ Google Logging Log Metric Filter and Alerts for Custom Role Changes do not exist | 🟢 1 | 🟢 x6 | no data
🛡️ Google Logging Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist | 🟢 1 | 🟢 x6 | no data
🛡️ Google Logging Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist | 🟢 1 | 🟢 x6 | no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Changes do not exist | 🟢 1 | 🔴 x1, 🟢 x5 | no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist | 🟢 1 | 🟢 x6 | no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Route Changes do not exist | 🟢 1 | 🟢 x6 | no data
🛡️ Google Logging Log Sink for All Log Entries is not configured | 🟢 1 | 🟢 x6 | no data