Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs

This section highlights the requirement for an effective anti-virus or malware protection mechanism. It also identifies the aspects of evaluating and maintaining the protection system.
- 5.1 Deployment of anti-virus software on all systems.
- 5.2 Ensuring that all anti-virus mechanisms go through periodic performance scans and generate audit logs.
- 5.3 It has to be ensured that anti-virus mechanisms are actively running and cannot be altered by users.
- 5.4 It has to be ensured that security policies and operational procedures that are used for protecting systems against malware are well documented and known to all affected parties.
Requirement 6: Develop and maintain secure systems and applications

Having a data protection system is essential, and having a mechanism to test the vulnerability of that system is indispensable. Continuous monitoring, the process of identifying potential vulnerabilities, and the change control mechanism are outlined in this framework.
- 6.1 A standard process must be established to identify security vulnerabilities, using reputable outside sources for security vulnerability information.
- 6.2 Applicable vendor-supplied security patches must be used to protect all system components and software.
- 6.3 Developing both internal and external software applications based on industry standards and in accordance with PCI DSS.
- 6.4 Change control processes should be followed for all changes.
- 6.5 Common coding vulnerabilities in software-development processes must be addressed.
- 6.6 New threats must be addressed for public-facing web applications on an ongoing basis. It must be ensured that these applications are protected against known attacks.
- 6.7 Security policies and operational procedures for developing and maintaining secure systems and applications are well documented and known to all affected parties.