
11.4.5 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls as follows: At least once every 12 months and after any changes to segmentation controls/methods. Covering all segmentation controls/methods in use.

>Requirement Description

If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls as follows:

- At least once every 12 months and after any changes to segmentation controls/methods.
- Covering all segmentation controls/methods in use.
- According to the entity’s defined penetration testing methodology.
- Confirming that the segmentation controls/methods are operational and effective, and isolate the CDE from all out-of-scope systems.
- Confirming effectiveness of any use of isolation to separate systems with differing security levels (see Requirement 2.2.3).
- Performed by a qualified internal resource or qualified external third party.
- Organizational independence of the tester exists (not required to be a QSA or ASV).

>Cross-Framework Mappings
