💼 6.5 Changes to all system components are managed securely.

• Contextual name: 💼 6.5 Changes to all system components are managed securely.

• ID: /frameworks/pci-dss-v4.0.1/06/05

• Located in: 💼 6 Develop and Maintain Secure Systems and Software

Description

Empty...

Similar

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 6.5.1 Changes to all system components in the production environment are made according to established procedures.
💼 6.5.2 Upon completion of a significant change, all applicable PCI DSS requirements are confirmed to be in place on all new or changed systems and networks, and documentation is updated as applicable.
💼 6.5.3 Pre-production environments are separated from production environments and the separation is enforced with access controls.
💼 6.5.4 Roles and functions are separated between production and pre-production environments to provide accountability such that only reviewed and approved changes are deployed.
💼 6.5.5 Live PANs are not used in pre-production environments, except where those environments are included in the CDE and protected in accordance with all applicable PCI DSS requirements.
💼 6.5.6 Test data and test accounts are removed from system components before the system goes into production.