💼 11.4.3 External penetration testing is performed.
- ID:
/frameworks/pci-dss-v4.0/11/04/03
Description​
Including:
- Per the entity's defined methodology
- At least once every 12 months
- After any significant infrastructure or application upgrade or change
- By a qualified internal resource or qualified external third party
- Organizational independence of the tester exists (not required to be a QSA or ASV).
Similar​
- Sections
/frameworks/pci-dss-v3.2.1/11/03/01/frameworks/pci-dss-v4.0.1/11/04/03
- Internal
- ID:
dec-c-45459efa
- ID:
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PCI DSS v3.2.1 → 💼 11.3.1 Perform external penetration testing at least annually and after any significant infrastructure or application upgrade or modification. | no data | ||||
| 💼 PCI DSS v4.0.1 → 💼 11.4.3 External penetration testing is performed. | no data |
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PCI DSS v3.2.1 → 💼 11.3.1 Perform external penetration testing at least annually and after any significant infrastructure or application upgrade or modification. | no data | ||||
| 💼 PCI DSS v4.0.1 → 💼 11.4.3 External penetration testing is performed. | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|