💼 11.4.2 Internal penetration testing is performed.
- Contextual name: 💼 11.4.2 Internal penetration testing is performed.
- ID: /frameworks/pci-dss-v4.0/11/04/02
- Located in: 💼 11.4 External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected.
Description
Including:
- Per the entity's defined methodology,
- At least once every 12 months
- After any significant infrastructure or application upgrade or change
- By a qualified internal resource or qualified external third-party
- Organizational independence of the tester exists (not required to be a QSA or ASV).
Similar
- Sections
  - /frameworks/pci-dss-v3.2.1/11/03/02
  - /frameworks/pci-dss-v4.0.1/11/04/02
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 PCI DSS v3.2.1 → 💼 11.3.2 Perform internal penetration testing at least annually and after any significant infrastructure or application upgrade or modification. | | | | |
💼 PCI DSS v4.0.1 → 💼 11.4.2 Internal penetration testing is performed. | | | | |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 PCI DSS v3.2.1 → 💼 11.3.2 Perform internal penetration testing at least annually and after any significant infrastructure or application upgrade or modification. | | | | |
💼 PCI DSS v4.0.1 → 💼 11.4.2 Internal penetration testing is performed. | | | | |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|