πΌ 6.3.1 Security vulnerabilities are identified and managed.
-
Contextual name: πΌ 6.3.1 Security vulnerabilities are identified and managed.
-
ID:
/frameworks/pci-dss-v4.0/06/03/01 -
Located in: πΌ 6.3 Security vulnerabilities are identified and addressed.
Descriptionβ
As follows:
- New security vulnerabilities are identified using industry-recognized sources for security vulnerability information, including alerts from international and national computer emergency response teams (CERTs).
- Vulnerabilities are assigned a risk ranking based on industry best practices and consideration of potential impact.
- Risk rankings identify, at a minimum, all vulnerabilities considered to be a high-risk or critical to the environment.
- Vulnerabilities for bespoke and custom, and third-party software (for example operating systems and databases) are covered.
Similarβ
- Sections
/frameworks/pci-dss-v3.2.1/06/01/frameworks/pci-dss-v4.0.1/06/03/01
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v3.2.1 β πΌ 6.1 Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking to newly discovered security vulnerabilities. | ||||
| πΌ PCI DSS v4.0.1 β πΌ 6.3.1 Security vulnerabilities are identified and managed. |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v3.2.1 β πΌ 6.1 Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking to newly discovered security vulnerabilities. | ||||
| πΌ PCI DSS v4.0.1 β πΌ 6.3.1 Security vulnerabilities are identified and managed. |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|