πΌ 6.5.1 Changes to all system components in the production environment are made according to established procedures.
-
Contextual name: πΌ 6.5.1 Changes to all system components in the production environment are made according to established procedures.
-
ID:
/frameworks/pci-dss-v4.0/06/05/01 -
Located in: πΌ 6.5 Changes to all system components are managed securely.
Descriptionβ
That include:
- Reason for, and description of, the change.
- Documentation of security impact.
- Documented change approval by authorized parties.
- Testing to verify that the change does not adversely impact system security.
- For bespoke and custom software changes, all updates are tested for compliance with Requirement 6.2.4 before being deployed into production.
- Procedures to address failures and return to a secure state.
Similarβ
- Sections
/frameworks/pci-dss-v3.2.1/06/04/05/frameworks/pci-dss-v3.2.1/06/04/05/01/frameworks/pci-dss-v3.2.1/06/04/05/02/frameworks/pci-dss-v3.2.1/06/04/05/03/frameworks/pci-dss-v3.2.1/06/04/05/04/frameworks/pci-dss-v4.0.1/06/05/01
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v3.2.1 β πΌ 6.4.5 Change control procedures. | 4 | |||
| πΌ PCI DSS v3.2.1 β πΌ 6.4.5.1 Documentation of impact. | ||||
| πΌ PCI DSS v3.2.1 β πΌ 6.4.5.2 Documented change approval by authorized parties. | ||||
| πΌ PCI DSS v3.2.1 β πΌ 6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of the system. | ||||
| πΌ PCI DSS v3.2.1 β πΌ 6.4.5.4 Back-out procedures | ||||
| πΌ PCI DSS v4.0.1 β πΌ 6.5.1 Changes to all system components in the production environment are made according to established procedures. |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v3.2.1 β πΌ 6.4.5 Change control procedures. | 4 | |||
| πΌ PCI DSS v3.2.1 β πΌ 6.4.5.1 Documentation of impact. | ||||
| πΌ PCI DSS v3.2.1 β πΌ 6.4.5.2 Documented change approval by authorized parties. | ||||
| πΌ PCI DSS v3.2.1 β πΌ 6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of the system. | ||||
| πΌ PCI DSS v3.2.1 β πΌ 6.4.5.4 Back-out procedures | ||||
| πΌ PCI DSS v4.0.1 β πΌ 6.5.1 Changes to all system components in the production environment are made according to established procedures. |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|