Skip to main content

πŸ’Ό 5.2.3 Any system components that are not at risk for malware are evaluated periodically.

Description​

include the following:

  • A documented list of all system components not at risk for malware.
  • Identification and evaluation of evolving malware threats for those system components.
  • Confirmation whether such system components continue to not require anti-malware protection.

Similar​

  • Sections
    • /frameworks/pci-dss-v3.2.1/05/01/02
    • /frameworks/pci-dss-v4.0.1/05/02/03

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 5.1.2 For systems considered to be not commonly affected by malicious software, perform periodic evaluations to identify and evaluate evolving malware threats in order to confirm whether such systems continue to not require anti-virus software.
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 5.2.3 Any system components that are not at risk for malware are evaluated periodically.1

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 5.1.2 For systems considered to be not commonly affected by malicious software, perform periodic evaluations to identify and evaluate evolving malware threats in order to confirm whether such systems continue to not require anti-virus software.
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 5.2.3 Any system components that are not at risk for malware are evaluated periodically.1

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό 5.2.3.1 The frequency of periodic evaluations of system components identified as not at risk for malware is defined in the entity's targeted risk analysis.