11.4.5 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls.
- Contextual name: 11.4.5 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls.
- ID: /frameworks/pci-dss-v4.0/11/04/05
- Located in: 11.4 External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected.
Description
As follows:
- At least once every 12 months and after any changes to segmentation controls/methods.
- Covering all segmentation controls/methods in use.
- According to the entity's defined penetration testing methodology.
- Confirming that the segmentation controls/methods are operational and effective, and isolate the CDE from all out-of-scope systems.
- Confirming effectiveness of any use of isolation to separate systems with differing security levels (see Requirement 2.2.3).
- Performed by a qualified internal resource or qualified external third party.
- Organizational independence of the tester exists (not required to be a QSA or ASV).
Similar
- Sections
  - /frameworks/pci-dss-v3.2.1/11/03/04
  - /frameworks/pci-dss-v4.0.1/11/04/05