Category: PCI DSS Requirement 11
Regularly test security systems and processes.
PCI DSS Requirement 11 covers testing of all the security controls an organization has implemented. It provides direct, empirical validation that these controls are implemented effectively, and it rapidly identifies shortcomings before a malicious attacker finds them. Malicious hackers now operate as “professional” organizations that research, identify and exploit vulnerable entities storing, processing or transmitting sensitive cardholder data. These controls are designed to test all aspects of an environment, including servers, applications, processes, etc., and to identify issues in a timely manner so that they can be addressed as soon as they are identified and before malicious hackers exploit them.