Regularly Monitor and Test Networks (Requirements 10-11)
Requirement 10: Track and monitor all access to network resources and cardholder data
Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimizing the impact of a data compromise. The presence of logs in all environments allows thorough tracking, alerting, and analysis when something does go wrong. Determining the cause of a compromise is very difficult, if not impossible, without system activity logs.
Latest: 10.8 Ensure that security policies and operational procedures for monitoring all access to network r pcinetwork, Sep 22, 2014
Requirement 11: Regularly test security systems and processes
Vulnerabilities are being discovered continually by malicious individuals and researchers, and being introduced by new software. System components, processes, and custom software should be tested frequently to ensure security controls continue to reflect a changing environment.
Latest: [PCI DSS 3.0] 11.3.1 Perform external penetration testing at least annually and after any significant infrastructu CyberSecurityAgency, Oct 5, 2015