[PCI DSS 3.0] [PCI DSS 3.0] 6.4 Follow change control processes and procedures for all changes to system components. The process

pcinetwork

PCINetwork.org Admin
#1
6.4 Follow change control processes and procedures for all changes to system components. The processes must include the following: (See 6.4.#)

6.4 Examine policies and procedures to verify the following are defined:
• Development/test environments are separate from production environments with access control in place to enforce separation.
• A separation of duties between personnel assigned to the development/test environments and those assigned to the production environment.
• Production data (live PANs) are not used for testing or development.
• Test data and accounts are removed before a production system becomes active.
• Change control procedures related to implementing security patches and software modifications are documented.

Without properly documented and implemented change controls, security features could be inadvertently or deliberately omitted or rendered inoperable, processing irregularities could occur, or malicious code could be introduced.
 
Top