PCI Requirement 5

Protect All Systems Against PCI Malware and Regularly Update Anti-Virus Software or Programs

More people than you think are looking to harm your environment. PCI malware is more of a problem now than ever before. This is why PCI Requirement 5 specifically calls out that your organization should protect against malware and use anti-virus software. Malware constantly shows up in today’s headlines. Malware could be viruses, worms, ransomware, Trojans, etc. Your organization should take every precaution possible to prevent a potential attack.

In these videos, you will learn about anti-virus solutions, malware protection, commonly affected systems, and the evolving threat landscape. Meeting PCI Requirement 5 will help protect your organization from being infected by malware attacks. Click on a video below to get started with PCI Requirement 5.

PCI Requirement 5.1

PCI Requirement 5.1 – Deploy Anti-Virus Software on all Commonly Affected Systems

There’s more people than you think looking to harm to your environment. We used to see viruses created just for the sake of creating viruses. Nowadays, organizations are attacked by software that is specifically written for their environment, probably by somebody that has knowledge of their environment.
August 23, 2017/by Randy Bartels
PCI Requirement 5.1.1

PCI Requirement 5.1.1 – Ensure Anti-Virus Programs are Capable of Detecting, Removing, and Protecting Against Malware

It’s crucial that your organization can protect itself…
August 23, 2017/by Randy Bartels
PCI Requirement 5.1.2

PCI Requirement 5.1.2 – Perform Periodic Evaluations to Identify and Evaluate Evolving Malware Threats

The threat landscape is constantly changing; the trends for malware can change quickly, so it’s vital for your organization that PCI Requirement 5.1.2 is met. This requirement goes a step further than PCI Requirement 5.1. PCI Requirement 5.1.2 states, “For systems considered to be not commonly affected by malicious software, perform periodic evaluations to identify and evaluate evolving malware threats in order to confirm whether such systems continue to not require anti-virus software.” Just because a certain platform isn’t susceptible to malware today, doesn’t mean it won’t be vulnerable tomorrow.
August 23, 2017/by Randy Bartels
PCI Requirement 5.2

PCI Requirement 5.2 – Ensure all Anti-Virus Mechanisms are Current, Perform Periodic Scans, and Generate Audit Logs

Because the threat landscape is constantly evolving, you must keep your organization’s malware protection abreast. PCI Requirement 5.2 exists to, “Ensure that all anti-virus mechanisms are maintained as follows: are kept current, perform periodic scans, and generate audit logs which are retained per PCI DSS Requirement 10.7.”
August 23, 2017/by Randy Bartels
PCI Requirement 5.3

PCI Requirement 5.3 – Ensure Anti-Virus Mechanisms are Active and Can’t be Altered

Now that there is an anti-virus solution installed and running in your environment, we need to keep it that way. PCI Requirement 5.3 states, “Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period.”
August 23, 2017/by Randy Bartels
PCI Requirement 5.4

PCI Requirement 5.4 – Ensure Security Policies and Procedures are Known to all Affected Parties

PCI Requirement 5 states, “Protect all systems against malware and regularly update anti-virus software or programs.” For this requirement, we’ve discussed the 5 sub-requirements and topics such as anti-virus solutions, malware protection, commonly affected systems, and the evolving threat landscape.
August 23, 2017/by Randy Bartels