Compliance controls
127 controls across 14 compliance frameworks, grouped by framework. For cross-framework Jaccard overlap see /explore/crosswalk. Authored by Adam Lundqvist.
12 in PCI DSS v4 · 127 total
| ID | Title | Framework | Tag | Summary |
|---|---|---|---|---|
| PCI_DSS_v4-R1 | Install and Maintain Network Security Controls | PCI DSS v4 | pentest:high | Network security controls (NSCs), such as firewalls and other network security technologies, are network policy enforcement points that typically control netwo… |
| PCI_DSS_v4-R10 | Log and Monitor All Access to System Components and Cardholder Data | PCI DSS v4 | pentest:high | Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimising the impact of a data compromise. The presence … |
| PCI_DSS_v4-R11 | Test Security of Systems and Networks Regularly | PCI DSS v4 | pentest:high | Vulnerabilities are being discovered continually by malicious individuals and researchers, and being introduced by new software. System components, processes, … |
| PCI_DSS_v4-R12 | Support Information Security with Organizational Policies and Programs | PCI DSS v4 | pentest:medium | A strong security policy sets the security tone for the whole entity and lets personnel know what is expected of them. All personnel should be aware of the sen… |
| PCI_DSS_v4-R2 | Apply Secure Configurations to All System Components | PCI DSS v4 | pentest:high | Malicious individuals (external and internal) often use default passwords and other vendor default settings to compromise systems. Apply secure configurations … |
| PCI_DSS_v4-R3 | Protect Stored Account Data | PCI DSS v4 | pentest:high | Protection methods such as encryption, truncation, masking, and hashing are critical components of account data protection. If an intruder circumvents other se… |
| PCI_DSS_v4-R4 | Protect Cardholder Data with Strong Cryptography During Transmission | PCI DSS v4 | pentest:high | Sensitive information must be encrypted during transmission over networks that are easily accessed by malicious individuals. Misconfigured wireless networks an… |
| PCI_DSS_v4-R5 | Protect All Systems and Networks from Malicious Software | PCI DSS v4 | pentest:medium | Malicious software (malware) is software designed to infiltrate or damage a computer system without the owner's knowledge or consent. Anti-malware mechanisms m… |
| PCI_DSS_v4-R6 | Develop and Maintain Secure Systems and Software | PCI DSS v4 | pentest:high | Bespoke and custom software used in the cardholder data environment must be developed securely. Software-development processes shall incorporate security consi… |
| PCI_DSS_v4-R7 | Restrict Access to System Components and Cardholder Data by Business Need to Know | PCI DSS v4 | pentest:high | To ensure critical data can only be accessed by authorised personnel, systems and processes must be in place to limit access based on need to know and accordin… |
| PCI_DSS_v4-R8 | Identify Users and Authenticate Access to System Components | PCI DSS v4 | pentest:high | Two fundamental principles of identifying and authenticating users are to (1) establish the identity of an individual or process and (2) verify the user or pro… |
| PCI_DSS_v4-R9 | Restrict Physical Access to Cardholder Data | PCI DSS v4 | pentest:low | Any physical access to data or systems that store, process, or transmit cardholder data provides the opportunity for individuals to access devices or data, and… |