To create this blog, our SecurityMetrics experts have collaborated to identify the information you need to navigate these new requirements with confidence.
If you’re in charge of PCI compliance at your organization, you likely have a lot of questions about PCI requirements 6.4.3 and 11.6.1. Choosing the best solution can be difficult, especially if you don’t understand what your options are. Continue reading this blog to learn about the new requirements and the solutions offered to achieve compliance.
The new requirements 6.4.3 and 11.6.1 have caused some confusion among businesses that want to know their new PCI responsibilities. Both are PCI DSS v4.0 requirements that were future-dated best practices until they became mandatory on 31 March 2025, and both concern the scripts and HTTP headers of your payment pages as they arrive in the consumer's browser, not files on your own servers. Enterprise organizations face additional compliance challenges related to the size of their organization, their network complexity, and their business operations. Here is a brief synopsis of requirements 6.4.3 and 11.6.1.
PCI DSS v4.0 requirement 6.4.3 covers all payment page scripts that are loaded and executed in the consumer's browser. It asks for three things: a method to confirm that each script is authorized, a method to assure the integrity of each script, and an inventory of all scripts with a written business or technical justification for why each one is necessary. It sits under Requirement 6.4, which concerns protecting public-facing web applications against attacks. Formal change control, which 6.4 covered in PCI DSS v3.2.1, moved to Requirement 6.5 in v4.0, so 6.4.3 is not a change-control documentation requirement.
Documentation for 6.4.3 therefore includes the script inventory itself and, for each script, its justification plus evidence of how it is authorized and how its integrity is checked (for example, a Subresource Integrity hash on the script tag, or a Content-Security-Policy header that only permits known sources).
This keeps every script on the payment page accounted for and gives you a baseline against which an unexpected addition or modification stands out.
Requirement 11.6.1 mandates a change- and tamper-detection mechanism that alerts personnel to unauthorized modification (including indicators of compromise, changes, additions, and deletions) of the security-impacting HTTP headers and the script contents of payment pages as received by the consumer browser. The mechanism must evaluate those received headers and payment pages at least once every seven days, or at the frequency set in your targeted risk analysis. This is not the file integrity monitoring of Requirement 11.5.2: FIM watches files on systems you control, whereas 11.6.1 watches what actually reaches the shopper. A skimmer delivered through a compromised third-party tag or CDN, or a loosened Content-Security-Policy header, is exactly what 11.6.1 is meant to catch even though no file on your own server changed.
By implementing these requirements effectively, businesses gain control over what runs on their payment pages and a way to detect JavaScript skimming quickly, reducing the window in which stolen card data leaves the page.
SecurityMetrics has several solutions for meeting these new requirements, including Shopping Cart Inspect and Shopping Cart Monitor.
Shopping Cart Inspect is excellent for detecting a skimming compromise early. Inspect is a manual inspection of your ecommerce website's shopping cart by a SecurityMetrics Forensic Investigator. The process uses SecurityMetrics' patented, award-winning WIM technology to quickly determine whether your website has fallen victim to JavaScript skimming.
SecurityMetrics Forensic Analysts will create a risk report illustrating your risk rating. Your thorough risk report will include:
Using your risk report, you can obtain an overall understanding of your ecommerce website's exposure to skimming.
Shopping Cart Monitor is a code-free solution: nothing needs to be installed on your site. This means that you benefit from:
A code-free (agentless) solution does not require involving your web development team, which an agent-based solution would. It also removes an attack surface: an agent-based monitor runs code on the very site it is watching, so an attacker who has already compromised that site can disable or blind it, whereas Monitor places no code on your site and observes the payment page from the outside, so there is nothing on the site for an attacker to tamper with. The practical caveat with any external monitor is that it only sees what the site serves to it; skimmers that activate only for certain browsers, regions, or checkout steps are harder to catch, so how faithfully the monitor loads the page the way a real consumer's browser would, and whether it does so at least as often as 11.6.1 requires, matters as much as the inventory itself.
Shopping Cart Monitor helps you meet 6.4.3 by inventorying the JavaScript on your payment pages. Every script on the page, whether present statically in the HTML or generated dynamically at load time, is analyzed and recorded. Keep in mind that 6.4.3 also asks for a method of confirming each script is authorized and a written justification for each one; the inventory gives you the list to work from, but recording why each script is necessary remains the merchant's task.
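To make the two requirements concrete, here is an added example (my own code, not SecurityMetrics' Monitor or any product described on this page) of the core logic an agentless payment-page monitor needs: it inventories every script on a page with an integrity digest, as 6.4.3's inventory and integrity method require, then compares a later fetch of the same page against that authorized baseline and reports added, removed, or modified scripts and changed security-impacting headers, as 11.6.1 requires. The merchant site, the two page versions, the script bodies, and the headers are all constructed for the example; a real monitor would fetch them over HTTPS from the consumer's vantage point.

```python
"""Agentless payment-page script inventory and tamper check (added example, not
SecurityMetrics code). Demonstrates a 6.4.3-style script inventory with integrity
digests and an 11.6.1-style check for added/removed/modified scripts and changed
security-impacting headers. All URLs, pages and headers are constructed."""
import base64
import hashlib
import json
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collect every <script> element, external (src) or inline (body)."""

    def __init__(self):
        super().__init__()
        self.scripts = []  # entries: {"src": str | None, "body": str}
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._current = {"src": dict(attrs).get("src"), "body": ""}

    def handle_data(self, data):  # HTMLParser delivers script text here
        if self._current is not None:
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def sri_hash(content: bytes) -> str:
    """Subresource Integrity digest; also valid in <script integrity="..."> (6.4.3)."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()


def build_inventory(html: str, external: dict) -> dict:
    """Map every script on the page to its digest. External scripts are keyed by
    src, with bodies taken from `external` (a constructed src -> bytes table that
    stands in for a real fetch). Inline scripts are keyed by a content hash, not
    position, so one injected block does not mark every later block 'changed'."""
    parser = ScriptCollector()
    parser.feed(html)
    inventory = {}
    for script in parser.scripts:
        if script["src"]:
            inventory[script["src"]] = sri_hash(external.get(script["src"], b""))
        else:
            body = script["body"].strip().encode()
            inventory["inline:" + hashlib.sha256(body).hexdigest()[:12]] = sri_hash(body)
    return inventory


def compare_inventories(authorized: dict, observed: dict) -> dict:
    """'added' = no authorization on record (6.4.3); 'changed' = tampered (11.6.1)."""
    return {
        "added": sorted(set(observed) - set(authorized)),
        "removed": sorted(set(authorized) - set(observed)),
        "changed": sorted(k for k in authorized.keys() & observed.keys()
                          if authorized[k] != observed[k]),
    }


WATCHED_HEADERS = ("content-security-policy", "strict-transport-security", "x-frame-options")


def compare_headers(baseline: dict, observed: dict) -> list:
    """Security-impacting headers that differ from baseline (names case-insensitive);
    a loosened CSP is a common precursor to a third-party skimmer loading cleanly."""
    base = {k.lower(): v for k, v in baseline.items()}
    obs = {k.lower(): v for k, v in observed.items()}
    return [(n, base.get(n), obs.get(n)) for n in WATCHED_HEADERS if base.get(n) != obs.get(n)]


# --- constructed sample data (hypothetical site, not a real merchant) ---------
CHECKOUT = "https://shop.example/static/checkout.js"
INJECTED_ORIGIN = "https://cdn.evil-analytics.example"
INJECTED = INJECTED_ORIGIN + "/a.js"
BASELINE_HTML = f"""<html><head><script src="{CHECKOUT}"></script></head>
<body><form id="pay"><input name="pan"></form>
<script>window.checkoutConfig = {{"currency": "USD"}};</script></body></html>"""
# The page as a consumer receives it after a compromise: a script injected into
# <head>, checkout.js modified at its source, and the CSP loosened to allow it.
OBSERVED_HTML = BASELINE_HTML.replace("</head>", f'<script src="{INJECTED}"></script></head>')
BASELINE_EXTERNAL = {CHECKOUT: b"function pay(f){fetch('/api/pay',{method:'POST',body:new FormData(f)})}"}
OBSERVED_EXTERNAL = {CHECKOUT: BASELINE_EXTERNAL[CHECKOUT] + b"\n/* appended exfil hook */",
                     INJECTED: b"/* loader that was never authorized */"}
BASELINE_HEADERS = {"Content-Security-Policy": "script-src 'self'",
                    "Strict-Transport-Security": "max-age=31536000"}
OBSERVED_HEADERS = {"content-security-policy": f"script-src 'self' {INJECTED_ORIGIN}",
                    "Strict-Transport-Security": "max-age=31536000"}


def run_check() -> dict:
    """One monitoring cycle: what the consumer receives now vs. the authorized baseline."""
    authorized = build_inventory(BASELINE_HTML, BASELINE_EXTERNAL)
    observed = build_inventory(OBSERVED_HTML, OBSERVED_EXTERNAL)
    return {"scripts": compare_inventories(authorized, observed),
            "headers": compare_headers(BASELINE_HEADERS, OBSERVED_HEADERS)}


if __name__ == "__main__":
    print(json.dumps(run_check(), indent=2))
```

Running it reports the injected third-party script as "added" (no justification on record, so it fails the 6.4.3 authorization check), the modified checkout.js as "changed", and the Content-Security-Policy header as altered. Two design points carry over to any real deployment: inline scripts are keyed by content hash rather than position so an injected block does not cascade into false "changed" findings, and the digest format is the same one a Subresource Integrity attribute uses, so the inventory doubles as the integrity method. What this example does not do is render the page in a browser, so scripts that are only appended at run time by other scripts would need a headless-browser fetch to be captured.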
Here are some final questions to ask when selecting a PCI compliance solution:
Whatever solution you choose for reaching 6.4.3 and 11.6.1, it’s essential to conduct thorough research and vet companies carefully, so you obtain the best product possible.