PCI Requirement 12.3.1 – Explicit Approval by Authorized Parties
PCI v4.0 - 12.3.1: Use Targeted Risk Analyses to Support Flexible Testing
PCI v4.0 - 12.3.2: Perform Targeted Risk Analyses for Customized Approach
PCI Requirement 12.3.6 – Acceptable Network Locations for the Technologies
[PCI DSS Requirement 12] : Summary of Changes from Version 3.2.1 to 4.0 Explained
PCI DSS 3.2: Req. 12.4.1
PCI Requirement 12: Maintain a Policy that Addresses Information Security for All Personnel
PCI Requirement 12.10.1 – Create the Incident Response Plan to Be Implemented
PCI Requirement 12.1 & 12.1.1 – Establish, Publish, Maintain, and Disseminate a Security Policy
PCI Requirement 12.5.3 – Establish Security Incident Response and Escalation Procedures
PCI v4.0 - 11.3.1.1: Manage Non-High Risk and Non-Critical Vulnerabilities Appropriately
PCI v4.0 - 5.2.3.1:Define Frequency of Periodic Evaluations of Systems in the Targeted Risk Analysis
PCI Requirement 12.8.3 – Ensure there is an Established Process for Engaging Service Providers
PCI Requirement 9.8 – Destroy Media When it is no Longer Needed
PCI Requirement 7.2.1 – Coverage of all System Components
PCI Requirement 12.6 – Implement a Formal Security Awareness Program
PCI Requirement 12.5.4 – Administer User Accounts, Including Additions, Deletions, and Modifications
PCI Requirement 6.3.1 – Remove Development and Test Accounts, User IDs, and Passwords Before Release
PCI Requirement 12.9 – Service Providers are Responsible for the Security of Cardholder Data
PCI Requirement 12.4 – Ensure Security Policies & Procedures Define Responsibilities for All