PCI Requirement 6.3.2 – Review Custom Code Prior to Release

by Randy Bartels / February 7, 2023

How to Review Custom Code Prior to Release

PCI Requirement 6 requires your organization to go through many phases of development before production to ensure that software applications are being securely developed. PCI Requirement 6.3.1 requires that any testing data being used in the development and testing phases is removed before the application goes into production. PCI Requirement 6.3.2 adds another level of information security to the application by requiring…

PCI Requirement 6.3.1 – Remove Development and Test Accounts, User IDs, and Passwords Before Release

by Randy Bartels / February 7, 2023

Why Remove Test Data Before Production?

PCI Requirement 6 says that software applications should be developed in a secure way, which requires that your organization go through many phases to ensure information security is incorporated throughout the application. PCI Requirement 6.3.1 picks up during the development and testing phases. PCI Requirement 6.3.1 states, “Remove development, test and/or custom application accounts, user IDs, and passwords before applications become active or…

PCI Requirement 6.3 – Develop Secure Software Applications

by Randy Bartels / February 7, 2023

Secure Software Application Defined

PCI Requirement 6.3 focuses on the software development lifecycle, or SDLC. PCI Requirement 6.3 states that all internal and external software applications must be securely developed, in accordance with the PCI DSS, industry best practices, and with information security incorporated. A securely developed software application should have several capabilities. It should be able to function in a hardened application or operating system. The application must encrypt…

PCI Requirement 6.2 – Ensure all Systems and Software are Protected from Known Vulnerabilities

by Randy Bartels / February 7, 2023

Ensure All Systems and Software are Protected from Known Vulnerabilities

In PCI Requirement 6.1, you learned how to establish a process to identify security vulnerabilities. Now, in PCI Requirement 6.2, we’ll discuss patch management programs. PCI Requirement 6.2 states, “Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.” In today’s threat landscape,…

PCI Requirement 6.1 – Establish a Process to Identify Security Vulnerabilities

by Randy Bartels / February 7, 2023

What is PCI Requirement 6.1?

PCI Requirement 6.1 states, “Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking to newly discovered security vulnerabilities.” The purpose of PCI Requirement 6.1 is to ensure that your organization is up to date with new security vulnerabilities that could impact your environment. Assessors will look to see that you have a formal, established…