
Auditor Tips: Requirement 5: Implement And Update Your Anti-Malware

*This article was taken from our PCI Guide. For more information on this topic, download our free PCI Guide. 


System administrators are responsible for making sure their anti-malware software, including its signatures, is up to date.

After a software upgrade, verify that signatures can still be updated. The new software may use different firewall rules or directory permissions, requiring some system configuration changes to ensure signature updates continue.
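A post-upgrade check for two of the failure modes named above (signatures that have stopped updating, and directory permissions that block the updater), as an added example that is not taken from the PCI Guide or from any vendor's tooling. The function name, the directory path and the 24-hour threshold are assumptions; run it as the account the updater runs under, since the write check applies to the current user.

```python
import os
import sys
import time
from pathlib import Path


def check_signature_dir(sig_dir, max_age_hours=24, now=None):
    """Return a list of findings; an empty list means every check passed."""
    now = time.time() if now is None else now
    path = Path(sig_dir)
    if not path.is_dir():
        return [f"{path}: signature directory is missing"]

    findings = []
    # The updater must be able to create and replace files in this directory.
    # os.access() tests the current user, so run this as the updater account.
    if not os.access(path, os.W_OK | os.X_OK):
        findings.append(f"{path}: not writable by the current user")

    files = [p for p in path.iterdir() if p.is_file()]
    if not files:
        findings.append(f"{path}: no signature files found")
        return findings

    # Judge freshness by the most recently modified file: a working
    # updater rewrites at least one database file on each update.
    newest = max(files, key=lambda p: p.stat().st_mtime)
    age_hours = (now - newest.stat().st_mtime) / 3600
    if age_hours > max_age_hours:
        findings.append(
            f"{path}: newest file {newest.name} is {age_hours:.0f}h old "
            f"(limit {max_age_hours}h)"
        )
    return findings


if __name__ == "__main__":
    # Hypothetical default path; pass your product's signature directory.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/example-av/signatures"
    problems = check_signature_dir(target)
    for line in problems:
        print("FAIL", line)
    sys.exit(1 if problems else 0)
```

A non-zero exit status makes the script usable from a scheduler or monitoring agent; a finding about file age after an upgrade points at the firewall rules, and a finding about writability points at the directory permissions.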

PCI DSS requires anti-malware software to be installed on all systems that are commonly affected by malware (e.g., Windows). While Linux servers are often considered systems not commonly affected by malware, it’s highly recommended that anti-malware software be installed on any Internet-facing Linux servers.

System administrators are responsible for making sure that their anti-malware software is up to date.


PCI DSS v4.0 Considerations for Requirement 5

In PCI DSS v4.0, Requirement 5 is broadened by using the term anti-malware instead of anti-virus. Most solutions have already expanded past simply protecting against “viruses,” but it might be time for a more comprehensive solution.

Several new requirements were added. Although they are not enforced until April 2025, start implementing them sooner. Finding the appropriate solution to help against phishing attacks will be interesting, and it will not necessarily be inside the CDE.



Authored by: MICHAEL OHRAN, CISSP | CISA | QSA | SSF | SSL
