thePCI Portal

Category: V3.2.1

Data Flow Diagrams

The Report on Compliance suggests that Cardholder data-flow diagrams may also be included as a supplement to the description of how cardholder data is transmitted and/or processed.  Regardless they are great way to communicate and document the CDE and PCI DSS scope. FAQ Article Number 1178 from February 2011 … An important prerequisite to reduce…

Functionality testing to verify that the change does not adversely impact the security of the system

What are Assessor’s thoughts on requirement 6.4.5.3? 6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of the system. 6.4.5.3.a For each sampled change, verify that functionality testing is performed to verify that the change does not adversely impact the security of the system. Thorough testing should be performed to…