Maintain a Vulnerability Management Program

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs #

The requirement for an effective anti-virus or malware protection mechanism is highlighted in this section. It also identifies the aspects of evaluating and maintaining the protection system.
  • 5.1 Deployment of anti-virus software on all systems.
  • 5.2 Ensuring that all anti-virus mechanisms go through periodic performance scans and generate audit logs.
  • 5.3 It has to be ensured that anti-virus mechanisms are actively running and cannot be altered by users.
  • 5.4 It has to be ensured that security policies and operational procedures that are used for protecting systems against malware are well documented and known to all affected parties.

Requirement 6: Develop and maintain secure systems and applications #

Having a data protection system is essential, and having a mechanism to test the vulnerability of that system is indispensable. Continuous monitoring and the process of identifying potential vulnerabilities and change control mechanism is outlined in this framework.
  • 6.1 A standrad process must be established to identify security vulnerabilities, using reputable outside sources for security vulnerability information.
  • 6.2 Applicable vendor supplied security patches must be used to protect all system components and software.
  • 6.3 Developing both internal and external software applications based on industry standards and in accordance with PCI DSS.
  • 6.4 Change control processes should be followed for all changes.
  • 6.5 Common coding vulnerabilities in software-development processes must be addressed.
  • 6.6 New threats must be addressed for public-facing web applications on an ongoing basis. It must be ensured that these applications are protected against known attacks.
  • 6.7 Security policies and operational procedures for developing and maintaining secure systems and applications are well documented and known to all affected parties.

Powered by BetterDocs

Ready to get Started?

Experience our Award-winning GRC platform!

Drive efficiency and value across your business with VComply’s user-friendly platform.
Product Enquiry
For any product enquiries, get in touch with a product specialist today!
Help Desk
Find your answers in our expansive knowledge base.
Start for Free