This is the sixth blog in a 12-part series addressing each PCI DSS Requirement and the challenges faced by companies going through this process.
PCI requirement 6: Develop and Maintain Secure Systems and Applications
Requirement 6 joins the previous requirement, which covers anti-virus and anti-malware, within the Vulnerability Management program section of the PCI requirements. This requirement will help you build a vulnerability management program that ensures the development and maintenance of secure systems and applications. Patching and vulnerability scanning are critical components of this PCI requirement, which means some tools need to be involved. Below I will discuss some challenges companies face when trying to meet this requirement.

If your organization does application development for your PCI environment, requirement 6 will make you comply with a number of different pieces. These include formal software development procedures, formal code testing and deployment, and ensuring your developers are up to date on their secure coding techniques. These pieces of the program are not one and done; they are ongoing and fundamental to the PCI world you may live in.