Upcoming PCI DSS 6.4.3 and 11.6.1 requirements

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. The upcoming versions and updates of PCI DSS introduce new requirements to further enhance security measures.

PCI DSS 6.4.3 Requirement

6.4.3: Ensure that security patches are installed within one month of release.

This requirement emphasizes the importance of timely application of security patches. Delays in applying patches can leave systems vulnerable to known exploits. The key points include:

• Security patches must be installed within one month of their release.
• This ensures that vulnerabilities are addressed promptly to reduce the risk of exploitation.
• Organizations must have a documented process for tracking, evaluating, and applying patches.

PCI DSS 11.6.1 Requirement

11.6.1: Implement a process to detect and protect against unauthorized wireless access points (WAPs).

This requirement aims to prevent unauthorized wireless access, which can be a significant security risk. Key components include:

• Regularly scan for unauthorized WAPs.
• Implement measures to detect and prevent rogue WAPs from being introduced into the environment.
• Maintain an inventory of all authorized WAPs and ensure they are secured.
• The process should be documented and include procedures for addressing unauthorized devices when they are detected.

Key Considerations for Compliance

1. Documentation: Maintain detailed records of patch management and wireless access point scans. This includes dates, findings, actions taken, and responsible personnel.
2. Automation: Where possible, automate the patch management process and wireless access point detection to ensure consistent and timely compliance.
3. Training: Ensure that IT staff are trained on the importance of these requirements and the procedures to follow.
4. Regular Audits: Conduct regular internal audits to ensure that processes are being followed and that documentation is up-to-date.

Practical Steps

• Patch Management:
• Wireless Security:

By adhering to these new requirements, organizations can enhance their security posture and reduce the risk of breaches related to unpatched vulnerabilities and unauthorized wireless access points