💼 12.3.1 Each PCI DSS requirement that provides flexibility for how frequently it is performed is supported by a targeted risk analysis that is documented.
- ID:
/frameworks/pci-dss-v4.0/12/03/01
Description​
Includes:
- Identification of the assets being protected.
- Identification of the threat(s) that the requirement is protecting against.
- Identification of factors that contribute to the likelihood and/or impact of a threat being realized.
- Resulting analysis that determines, and includes justification for, how frequently the requirement must be performed to minimize the likelihood of the threat being realized.
- Review of each targeted risk analysis at least once every 12 months to determine whether the results are still valid or if an updated risk analysis is needed.
- Performance of updated risk analyses when needed, as determined by the annual review.
Similar​
- Sections
/frameworks/pci-dss-v4.0.1/12/03/01
- Internal
- ID:
dec-c-88a37ef3
- ID:
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PCI DSS v4.0.1 → 💼 12.3.1 For each PCI DSS requirement that specifies completion of a targeted risk analysis, the analysis is documented. | no data |
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PCI DSS v4.0.1 → 💼 12.3.1 For each PCI DSS requirement that specifies completion of a targeted risk analysis, the analysis is documented. | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|