PCI 5:

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 18:10, 28 February 2007 by Mdpeters (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Requirement 5: Use and regularly update anti-virus software.


  • Many vulnerabilities and malicious viruses enter the network via employees’ email activities. Anti-virus software must be used on all email systems and desktops to protect systems from malicious software.




PCI-5.1 Deploy anti-virus mechanisms on all systems commonly affected by viruses (e.g. PC’s and servers).


For the sample of (insert number and/or description of sample) system components, verify that anti-virus software is installed.




PCI-5.2 Ensure that all anti-virus mechanisms are current, actively running, and capable of generating audit logs.


To verify that anti-virus software is current as of (insert as-of date), actively running, and capable of generating logs, perform the following:


  • Obtain and review the policy requiring updates to anti-virus software and definitions.
  • Verify that the master installation of the software is enabled for automatic updates and periodic scans, and that the servers examined at 5.1 above have these features enabled.
  • Verify that log generation is enabled and that the logs are being retained in accordance with the company’s retention policy.


--Mdpeters 10:18, 7 July 2006 (EDT)