
PCI Requirement 11.3.2 – Perform Internal Penetration Testing at Least Annually
Internal Penetration Testing PCI Requirement 11.3.2 requires that organizations perform internal penetration testing at least annually and after any significant upgrade or modification. Internal penetration tests focus on servers, workstations, and other network devices that are within the target environment. The goal is to identify exploitable weaknesses that could allow an attacker to gain access to these systems, ultimately leading to access to sensitive data. When determining what constitutes…



