6.4 - Follow change control processes and procedures for all changes to system components., 6.4.1 - Separate development/test environments from production environments, and enforce the separation with access controls., 6.4.2 - Separation of duties between development/test and production environments, 6.4.3 - Production data (live PANs) are not used for testing or development, 6.4.4 - Removal of test data and accounts from system components before the system becomes active / goes into production., 6.4.5 - Change control procedures must include the following, 6.4.5.1 - Documentation of impact., 6.4.5.2 - Documented change approval by authorized parties., 6.4.5.3 - Functionality testing to verify that the change does not adversely impact the security of the system., 6.4.5.4 - Back-out procedures., 6.4.6 - Upon completion of a significant change, all relevant PCI DSS requirements must be implemented on all new or changed systems and networks, and documentation updated as applicable.,

PCI DSS Requirment 6.4

Print
Embed

Leaderboard

Visual style

Options

Switch template

Continue editing: ?