💼 6.3.1 Security vulnerabilities are identified and managed.

Description

As follows:

New security vulnerabilities are identified using industry-recognized sources for security vulnerability information, including alerts from international and national computer emergency response teams (CERTs).
Vulnerabilities are assigned a risk ranking based on industry best practices and consideration of potential impact.
Risk rankings identify, at a minimum, all vulnerabilities considered to be a high-risk or critical to the environment.
Vulnerabilities for bespoke and custom, and third-party software (for example operating systems and databases) are covered.

Sections
- /frameworks/pci-dss-v3.2.1/06/01
- /frameworks/pci-dss-v4.0.1/06/03/01
Internal
- ID: dec-c-c25df04d

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v3.2.1 → 💼 6.1 Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking to newly discovered security vulnerabilities.			2		no data
💼 PCI DSS v4.0.1 → 💼 6.3.1 Security vulnerabilities are identified and managed.			2		no data

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v3.2.1 → 💼 6.1 Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking to newly discovered security vulnerabilities.			2		no data
💼 PCI DSS v4.0.1 → 💼 6.3.1 Security vulnerabilities are identified and managed.			2		no data

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policy	Logic Count	Flags	Compliance
🛡️ AWS Inspector Lambda Code Scanning is not enabled🟢	1	🟢 x6	no data
🛡️ AWS Inspector Lambda Standard Scanning is not enabled🟢	1	🟢 x6	no data