6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks.
- Contextual name: 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against known attacks.
- ID: /frameworks/pci-dss-v4.0/06/04/01
- Located in: 6.4 Public-facing web applications are protected against attacks.
Description
as follows:
- Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods as follows:
  - At least once every 12 months and after significant changes.
  - By an entity that specializes in application security.
  - Including, at a minimum, all common software attacks in Requirement 6.2.4.
  - All vulnerabilities are ranked in accordance with requirement 6.3.1.
  - All vulnerabilities are corrected.
  - The application is re-evaluated after the corrections

OR

- Installing an automated technical solution(s) that continually detects and prevents web-based attacks as follows:
  - Installed in front of public-facing web applications to detect and prevent web-based attacks.
  - Actively running and up to date as applicable.
  - Generating audit logs.
  - Configured to either block web-based attacks or generate an alert that is immediately investigated.
Similar
- Sections
  - /frameworks/pci-dss-v3.2.1/06/06
  - /frameworks/pci-dss-v4.0.1/06/04/01
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|