Blog

PCI Requirement 5.3 – Ensure Anti-Virus Mechanisms are Active and Can’t be Altered

by Randy Bartels / February 7, 2023

Now that there is an anti-virus solution installed and running in your environment, we need to keep it that way. PCI Requirement 5.3 states, “Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period.” There may be situations when you need to disable the anti-virus mechanism for a very short period…

PCI Requirement 5.2 – Ensure all Anti-Virus Mechanisms are Current, Perform Periodic Scans, and Generate Audit Logs

by Randy Bartels / December 19, 2022

Because the threat landscape is constantly evolving, you must keep your organization’s malware protection abreast. PCI Requirement 5.2 exists to, “Ensure that all anti-virus mechanisms are maintained as follows: are kept current, perform periodic scans, and generate audit logs which are retained per PCI DSS Requirement 10.7.” Your organization’s anti-virus solution must be kept current. Every day, new types of malware are created and new definitions are released, so your…

PCI Requirement 5.1.2 – Perform Periodic Evaluations to Identify and Evaluate Evolving Malware Threats

by Randy Bartels / December 19, 2022

The threat landscape is constantly changing; the trends for malware can change quickly, so it’s vital for your organization that PCI Requirement 5.1.2 is met. This requirement goes a step further than PCI Requirement 5.1. PCI Requirement 5.1.2 states, “For systems considered to be not commonly affected by malicious software, perform periodic evaluations to identify and evaluate evolving malware threats in order to confirm whether such systems continue to not…

PCI Requirement 5.1.1 – Ensure Anti-Virus Programs are Capable of Detecting, Removing, and Protecting Against Malware

by Randy Bartels / February 7, 2023

It’s crucial that your organization can protect itself from all types and forms of malicious software, including viruses, Trojans, worms, spyware, adware, and rootkits. PCI Requirement 5.1.1 requires that your organization’s anti-virus program is capable of three things: Detecting all known types of malware Removing all known types of malware Protecting against all known types of malware Some solutions perform whitelisting, which prevents malware from ever running in the first…

PCI Requirement 5.1 – Deploy Anti-Virus Software on all Commonly Affected Systems

by Randy Bartels / February 7, 2023

There are more people than you think looking to harm your environment. We used to see viruses created just for the sake of creating viruses. Nowadays, organizations are attacked by software that is specifically written for their environment, probably by somebody that has knowledge of their environment. Your organization should take every precaution possible to prevent a potential attack; this is why PCI Requirement 5 states that all systems need…

PCI Requirement 5.3 – Ensure Anti-Virus Mechanisms are Active and Can’t be Altered

PCI Requirement 5.2 – Ensure all Anti-Virus Mechanisms are Current, Perform Periodic Scans, and Generate Audit Logs

PCI Requirement 5.1.2 – Perform Periodic Evaluations to Identify and Evaluate Evolving Malware Threats

PCI Requirement 5.1.1 – Ensure Anti-Virus Programs are Capable of Detecting, Removing, and Protecting Against Malware

PCI Requirement 5.1 – Deploy Anti-Virus Software on all Commonly Affected Systems

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.