
11.4.6 Additional requirement for service providers only: If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls as follows: At least once every six months and after any changes to segmentation controls/methods.

>Requirement Description

Additional requirement for service providers only: If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls as follows:

- At least once every six months and after any changes to segmentation controls/methods.
- Covering all segmentation controls/methods in use.
- According to the entity's defined penetration testing methodology.
- Confirming that the segmentation controls/methods are operational and effective, and isolate the CDE from all out-of-scope systems.
- Confirming effectiveness of any use of isolation to separate systems with differing security levels (see Requirement 2.2.3).
- Performed by a qualified internal resource or qualified external third party.
- Organizational independence of the tester exists (not required to be a QSA or ASV).

>Applicability Notes

This requirement applies only when the entity being assessed is a service provider.

>Cross-Framework Mappings
