
Maintain a Vulnerability Management Program

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs

The requirement for an effective anti-virus or malware protection mechanism is highlighted in this section. It also identifies the aspects of evaluating and maintaining the protection system.
  • 5.1 Deployment of anti-virus software on all systems.
  • 5.2 Ensuring that all anti-virus mechanisms go through periodic performance scans and generate audit logs.
  • 5.3 Anti-virus mechanisms must be actively running and must not be alterable by users.
  • 5.4 Security policies and operational procedures used for protecting systems against malware must be well documented and known to all affected parties.

Requirement 6: Develop and maintain secure systems and applications

Having a data protection system is essential, and having a mechanism to test the vulnerability of that system is indispensable. This framework outlines continuous monitoring, the process of identifying potential vulnerabilities, and the change control mechanism.
  • 6.1 A standard process must be established to identify security vulnerabilities, using reputable outside sources for security vulnerability information.
  • 6.2 Applicable vendor-supplied security patches must be used to protect all system components and software.
  • 6.3 Both internal and external software applications must be developed based on industry standards and in accordance with PCI DSS.
  • 6.4 Change control processes should be followed for all changes.
  • 6.5 Common coding vulnerabilities in software-development processes must be addressed.
  • 6.6 New threats must be addressed for public-facing web applications on an ongoing basis. It must be ensured that these applications are protected against known attacks.
  • 6.7 Security policies and operational procedures for developing and maintaining secure systems and applications are well documented and known to all affected parties.
