PCI Requirement 6.2 – Ensure all Systems and Software are Protected from Known Vulnerabilities

by Randy Bartels / February 7, 2023

Ensure All Systems and Software are Protected from Known Vulnerabilities In PCI Requirement 6.1, you learned how to establish a process to identify security vulnerabilities. Now, in PCI Requirement 6.2, we’ll discuss patch management programs. PCI Requirement 6.2 states, “Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.” In today’s threat landscape,…

Read More

PCI Requirement 6.1 – Establish a Process to Identify Security Vulnerabilities

by Randy Bartels / February 7, 2023

What is PCI Requirement 6.1? PCI Requirement 6.1 states, “Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking to newly discovered security vulnerabilities.” The purpose of PCI Requirement 6.1 is to ensure that your organization is up to date with new security vulnerabilities that could impact your environment. Assessors will look to see that you have a formal, established…

Read More

PCI Requirement 6 – Develop and Maintain Secure Systems and Applications

by Randy Bartels / February 7, 2023

PCI Requirement 6 pairs with PCI Requirement 5 to satisfy vulnerability management program expectations. PCI Requirement 6 states, “Develop and maintain secure systems and applications.” The purpose of this requirement is to build a process for securely managing the software within your environment. Develop and Maintain Secure Systems and Applications in Your Environment PCI Requirement 6 helps your organization develop and maintain secure systems and applications. Attackers often use security…

Read More