PCI-6.3.1:: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
<br> | <br> | ||
:'''Obtain and review written software development processes to confirm they are based on industry standards and that security is included throughout the life cycle. | :'''Obtain and review written software development processes to confirm they are based on industry standards and that security is included throughout the life cycle.<br> | ||
<br> | |||
:From review of written software development processes, inquiry of software developers, and review of relevant data (network configuration documentation, production and test data, etc.), determine the following:<br> | :From review of written software development processes, inquiry of software developers, and review of relevant data (network configuration documentation, production and test data, etc.), determine the following:<br> | ||
<br> | <br> |
Latest revision as of 18:26, 28 February 2007
- Obtain and review written software development processes to confirm they are based on industry standards and that security is included throughout the life cycle.
- From review of written software development processes, inquiry of software developers, and review of relevant data (network configuration documentation, production and test data, etc.), determine the following:
- PCI-6.3.1: All changes (including patches) are tested before being deployed into production.
Testing Procedures
Insert testing guidance here.
Testing Frequency
Describe testing frequency here.
Evidence Archive Location
Insert hyperlink or location of evidence archive.
Control Stewards Process Narrative
Provide control steward commentary indicating the formal methodology in place.
Control Steward – Jon Doe
Process Illustration
Replace this test by inserting a process diagram, flowchart or other visual representation to illustrate the process narrative as necessary. Include a brief description of the process illustration.
Control Status and Auditors Commentary
The control is effective.
File:Greenlock.jpg
Status is acceptable.
Control Exception Commentary
Status is acceptable.
Remediation Plan
Remediation is not required at this time.
--Mdpeters 13:23, 28 February 2007 (EST)