| 💼 6.5.1 Changes to all system components in the production environment are made according to established procedures. | | | | | no data |
| 💼 6.5.2 Upon completion of a significant change, all applicable PCI DSS requirements are confirmed to be in place on all new or changed systems and networks, and documentation is updated as applicable. | | | | | no data |
| 💼 6.5.3 Pre-production environments are separated from production environments and the separation is enforced with access controls. | | | | | no data |
| 💼 6.5.4 Roles and functions are separated between production and pre-production environments to provide accountability such that only reviewed and approved changes are deployed. | | | | | no data |
| 💼 6.5.5 Live PANs are not used in pre-production environments, except where those environments are included in the CDE and protected in accordance with all applicable PCI DSS requirements. | | | | | no data |
| 💼 6.5.6 Test data and test accounts are removed from system components before the system goes into production. | | | | | no data |