💼 11.4 External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected.

  • Contextual name: 💼 11.4 External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected.

  • ID: /frameworks/pci-dss-v4.0.1/11/04

  • Located in: 💼 11 Test Security of Systems and Networks Regularly

Description

Empty...

Similar

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 11.4.1 A penetration testing methodology is defined, documented, and implemented by the entity.
💼 11.4.2 Internal penetration testing is performed.
💼 11.4.3 External penetration testing is performed.
💼 11.4.4 Exploitable vulnerabilities and security weaknesses found during penetration testing are corrected.
💼 11.4.5 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls.
💼 11.4.6 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls.
💼 11.4.7 Multi-tenant service providers support their customers for external penetration testing per Requirement 11.4.3 and 11.4.4.