12.3.1 Each PCI DSS requirement that provides flexibility for how frequently it is performed is supported by a targeted risk analysis that is documented.
Contextual name: 12.3.1 Each PCI DSS requirement that provides flexibility for how frequently it is performed is supported by a targeted risk analysis that is documented.
ID: /frameworks/pci-dss-v4.0/12/03/01
Located in: 12.3 Risks to the cardholder data environment are formally identified, evaluated, and managed.
Description
Includes:
- Identification of the assets being protected.
- Identification of the threat(s) that the requirement is protecting against.
- Identification of factors that contribute to the likelihood and/or impact of a threat being realized.
- Resulting analysis that determines, and includes justification for, how frequently the requirement must be performed to minimize the likelihood of the threat being realized.
- Review of each targeted risk analysis at least once every 12 months to determine whether the results are still valid or if an updated risk analysis is needed.
- Performance of updated risk analyses when needed, as determined by the annual review.
Similar
- Sections: /frameworks/pci-dss-v4.0.1/12/03/01
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
PCI DSS v4.0.1 → 12.3.1 For each PCI DSS requirement that specifies completion of a targeted risk analysis, the analysis is documented. | | | | |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
PCI DSS v4.0.1 → 12.3.1 For each PCI DSS requirement that specifies completion of a targeted risk analysis, the analysis is documented. | | | | |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|