💼 12.3 Risks to the cardholder data environment are formally identified, evaluated, and managed.

• Contextual name: 💼 12.3 Risks to the cardholder data environment are formally identified, evaluated, and managed.

• ID: /frameworks/pci-dss-v4.0/12/03

• Located in: 💼 12 Support Information Security with Organizational Policies and Programs

Description

Empty...

Similar

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 12.3.1 Each PCI DSS requirement that provides flexibility for how frequently it is performed is supported by a targeted risk analysis that is documented.
💼 12.3.2 A targeted risk analysis is performed for each PCI DSS requirement that the entity meets with the customized approach.
💼 12.3.3 Cryptographic cipher suites and protocols in use are documented and reviewed at least once every 12 months.
💼 12.3.4 Hardware and software technologies in use are reviewed at least once every 12 months.