💼 6.5.1 Changes to all system components in the production environment are made according to established procedures.
-
Contextual name: 💼 6.5.1 Changes to all system components in the production environment are made according to established procedures.
-
ID:
/frameworks/pci-dss-v4.0/06/05/01 -
Located in: 💼 6.5 Changes to all system components are managed securely.
Description​
That include:
- Reason for, and description of, the change.
- Documentation of security impact.
- Documented change approval by authorized parties.
- Testing to verify that the change does not adversely impact system security.
- For bespoke and custom software changes, all updates are tested for compliance with Requirement 6.2.4 before being deployed into production.
- Procedures to address failures and return to a secure state.
Similar​
- Sections
/frameworks/pci-dss-v3.2.1/06/04/05/frameworks/pci-dss-v3.2.1/06/04/05/01/frameworks/pci-dss-v3.2.1/06/04/05/02/frameworks/pci-dss-v3.2.1/06/04/05/03/frameworks/pci-dss-v3.2.1/06/04/05/04/frameworks/pci-dss-v4.0.1/06/05/01
- Internal
- ID:
dec-c-eaf21d95
- ID:
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 PCI DSS v3.2.1 → 💼 6.4.5 Change control procedures. | 4 | |||
| 💼 PCI DSS v3.2.1 → 💼 6.4.5.1 Documentation of impact. | ||||
| 💼 PCI DSS v3.2.1 → 💼 6.4.5.2 Documented change approval by authorized parties. | ||||
| 💼 PCI DSS v3.2.1 → 💼 6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of the system. | ||||
| 💼 PCI DSS v3.2.1 → 💼 6.4.5.4 Back-out procedures | ||||
| 💼 PCI DSS v4.0.1 → 💼 6.5.1 Changes to all system components in the production environment are made according to established procedures. |
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 PCI DSS v3.2.1 → 💼 6.4.5 Change control procedures. | 4 | |||
| 💼 PCI DSS v3.2.1 → 💼 6.4.5.1 Documentation of impact. | ||||
| 💼 PCI DSS v3.2.1 → 💼 6.4.5.2 Documented change approval by authorized parties. | ||||
| 💼 PCI DSS v3.2.1 → 💼 6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of the system. | ||||
| 💼 PCI DSS v3.2.1 → 💼 6.4.5.4 Back-out procedures | ||||
| 💼 PCI DSS v4.0.1 → 💼 6.5.1 Changes to all system components in the production environment are made according to established procedures. |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|