💼 12.3.1 For each PCI DSS requirement that specifies completion of a targeted risk analysis, the analysis is documented.
- Contextual name: 💼 12.3.1 For each PCI DSS requirement that specifies completion of a targeted risk analysis, the analysis is documented.
- ID: /frameworks/pci-dss-v4.0.1/12/03/01
- Located in: 💼 12.3 Risks to the cardholder data environment are formally identified, evaluated, and managed.
Description
Includes:
- Identification of the assets being protected.
- Identification of the threat(s) that the requirement is protecting against.
- Identification of factors that contribute to the likelihood and/or impact of a threat being realized.
- Resulting analysis that determines, and includes justification for, how the frequency or processes defined by the entity to meet the requirement minimize the likelihood and/or impact of the threat being realized.
- Review of each targeted risk analysis at least once every 12 months to determine whether the results are still valid or if an updated risk analysis is needed.
- Performance of updated risk analyses when needed, as determined by the annual review.
Similar
- Sections: /frameworks/pci-dss-v4.0/12/03/01
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 PCI DSS v4.0 → 💼 12.3.1 Each PCI DSS requirement that provides flexibility for how frequently it is performed is supported by a targeted risk analysis that is documented. | | | | |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 PCI DSS v4.0 → 💼 12.3.1 Each PCI DSS requirement that provides flexibility for how frequently it is performed is supported by a targeted risk analysis that is documented. | | | | |