💼 5.2.3 Any system components that are not at risk for malware are evaluated periodically.

• Contextual name: 💼 5.2.3 Any system components that are not at risk for malware are evaluated periodically.

• ID: /frameworks/pci-dss-v4.0/05/02/03

• Located in: 💼 5.2 Malicious software (malware) is prevented, or detected and addressed.

Description

include the following:

• A documented list of all system components not at risk for malware.
• Identification and evaluation of evolving malware threats for those system components.
• Confirmation whether such system components continue to not require anti-malware protection.

Similar

• Sections
  • /frameworks/pci-dss-v3.2.1/05/01/02
  • /frameworks/pci-dss-v4.0.1/05/02/03
• Internal
  • ID: dec-c-3f30c28c

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 5.1.2 For systems considered to be not commonly affected by malicious software, perform periodic evaluations to identify and evaluate evolving malware threats in order to confirm whether such systems continue to not require anti-virus software.
💼 PCI DSS v4.0.1 → 💼 5.2.3 Any system components that are not at risk for malware are evaluated periodically.	1

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 5.1.2 For systems considered to be not commonly affected by malicious software, perform periodic evaluations to identify and evaluate evolving malware threats in order to confirm whether such systems continue to not require anti-virus software.
💼 PCI DSS v4.0.1 → 💼 5.2.3 Any system components that are not at risk for malware are evaluated periodically.	1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 5.2.3.1 The frequency of periodic evaluations of system components identified as not at risk for malware is defined in the entity's targeted risk analysis.