
RM-05 Self-Assessments: PCI

Control Description

On a quarterly basis, reviews shall be performed in accordance with an approved, documented specification to confirm that personnel are following security policies and operational procedures pertaining to:
• daily log reviews
• firewall rule-set reviews
• applying configuration standards to new systems
• responding to security alerts
• change management processes

Theme: Process

Type: Preventive

Policy/Standard: Risk Management Standard

Implementation Guidance

1. Establish a quarterly process to ensure that the following policies and operational procedures are being reviewed and approved by authorized personnel:
• daily log reviews
• firewall rule-set reviews
• applying configuration standards to new systems
• responding to security alerts
• change management processes

Testing Procedure

1. Inspect whether a process exists for reviewing the following on a quarterly basis:
• daily log reviews
• firewall rule-set reviews
• applying configuration standards to new systems
• responding to security alerts
• change management processes
2. Validate, using the last review, whether any deviations were noted and, if applicable, whether they were tracked to resolution.

Audit Artifacts

E-RM-03
E-RM-09

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
